Debian Firefox vulnerabilities

CVE-2017-5406 [HIGH] CVE-2017-5406: firefox - A segmentation fault can occur in the Skia graphics library during some canvas o... A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5379 [HIGH] CVE-2017-5379: firefox - Use-after-free vulnerability in Web Animations when interacting with cycle colle... Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7843 [HIGH] CVE-2017-7843: firefox - When Private Browsing mode is used, it is possible for a web worker to write per... When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and

CVE-2017-5467 [HIGH] CVE-2017-5467: firefox - A potential memory corruption and crash when using Skia content when drawing con... A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-7772 [HIGH] CVE-2017-7772: firefox - Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::dec... Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5444 [HIGH] CVE-2017-5444: firefox - A buffer overflow vulnerability while parsing "application/http-index-format" fo... A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5455 [HIGH] CVE-2017-5455: firefox - The internal feed reader APIs that crossed the sandbox barrier allowed for a san... The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5422 [HIGH] CVE-2017-5422: firefox - If a malicious site uses the "view-source:" protocol in a series within a single... If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5419 [HIGH] CVE-2017-5419: firefox - If a malicious site repeatedly triggers a modal authentication prompt, eventuall... If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5385 [HIGH] CVE-2017-5385: firefox - Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME... Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7805 [HIGH] CVE-2017-7805: firefox - During TLS 1.2 exchanges, handshake hashes are generated which point to a messag... During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handsha

CVE-2017-7798 [HIGH] CVE-2017-7798: firefox - The Developer Tools feature suffers from a XUL injection vulnerability due to im... The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-7777 [HIGH] CVE-2017-7777: firefox - Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphit... Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5388 [HIGH] CVE-2017-5388: firefox - A STUN server in conjunction with a large number of "webkitRTCPeerConnection" ob... A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-5412 [HIGH] CVE-2017-5412: firefox - A buffer overflow read during SVG filter color value operations, resulting in da... A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-7754 [HIGH] CVE-2017-7754: firefox - An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object dur... An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5421 [HIGH] CVE-2017-5421: firefox - A malicious site could spoof the contents of the print preview window if popup w... A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5436 [HIGH] CVE-2017-5436: firefox - An out-of-bounds write in the Graphite 2 library triggered with a maliciously cr... An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52

CVE-2017-5448 [HIGH] CVE-2017-5448: firefox - An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-enc... An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerabi

CVE-2017-7776 [HIGH] CVE-2017-7776: firefox - Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in gra... Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. Scope: local sid: resolved (fixed in 54.0-1)