Debian Firefox vulnerabilities

CVE-2017-7797 [HIGH] CVE-2017-7797: firefox - Response header name interning does not have same-origin protections and these h... Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-7814 [HIGH] CVE-2017-7814: firefox - File downloads encoded with "blob:" and "data:" URL elements bypassed normal fil... File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firef

CVE-2017-7807 [HIGH] CVE-2017-7807: firefox - A mechanism that uses AppCache to hijack a URL in a domain using fallback by ser... A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-7773 [HIGH] CVE-2017-7773: firefox - Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz... Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5416 [HIGH] CVE-2017-5416: firefox - In certain circumstances a networking event listener can be prematurely released... In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5445 [HIGH] CVE-2017-5445: firefox - A vulnerability while parsing "application/http-index-format" format content whe... A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-7794 [HIGH] CVE-2017-7794: firefox - On Linux systems, if the content process is compromised, the sandbox broker will... On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55. Scope: local

CVE-2017-7787 [HIGH] CVE-2017-7787: firefox - Same-origin policy protections can be bypassed on pages with embedded iframes du... Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-5382 [HIGH] CVE-2017-5382: firefox - Feed preview for RSS feeds can be used to capture errors and exceptions generate... Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7806 [HIGH] CVE-2017-7806: firefox - A use-after-free vulnerability can occur when the layer manager is freed too ear... A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-5386 [HIGH] CVE-2017-5386: firefox - WebExtension scripts can use the "data:" protocol to affect pages loaded by othe... WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-5378 [HIGH] CVE-2017-5378: firefox - Hashed codes of JavaScript objects are shared between pages. This allows for poi... Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-5450 [HIGH] CVE-2017-5450: firefox - A mechanism to spoof the Firefox for Android addressbar using a "javascript:" UR... A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5449 [HIGH] CVE-2017-5449: firefox - A possibly exploitable crash triggered during layout and manipulation of bidirec... A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-7752 [HIGH] CVE-2017-7752: firefox - A use-after-free vulnerability during specific user interactions with the input ... A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: resolved (fixe

CVE-2017-7835 [HIGH] CVE-2017-7835: firefox - Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) docu... Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57. Scope: local sid: resolved (fixed in 57.0-1)

CVE-2017-7771 [HIGH] CVE-2017-7771: firefox - Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass:... Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-7762 [HIGH] CVE-2017-7762: firefox - When entered directly, Reader Mode did not strip the username and password secti... When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5381 [HIGH] CVE-2017-5381: firefox - The "export" function in the Certificate Viewer can force local filesystem navig... The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7836 [HIGH] CVE-2017-7836: firefox - The "pingsender" executable used by the Firefox Health Report dynamically loads ... The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected