Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
CVE-2017-7791 | MEDIUM | CVSS 5.3 | fixed in firefox 55.0-1 (sid) | 2017
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Scope: local
sid: resolved (fixed in 55.0-1)
debian
CVE-2017-7831 | MEDIUM | CVSS 5.3 | fixed in firefox 57.0-1 (sid) | 2017
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.
Scope: local
sid: resolved (fixed in 57.0-1)
debian
CVE-2017-7781 | MEDIUM | CVSS 5.9 | fixed in firefox 55.0-1 (sid) | 2017
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.
Scope:
debian
CVE-2017-5393 | MEDIUM | CVSS 6.1 | fixed in firefox 51.0-1 (sid) | 2017
The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51.
Scope: local
sid: resolved (fixed in 51.0-1)
debian
CVE-2017-7764 | MEDIUM | CVSS 5.3 | fixed in firefox 54.0-1 (sid) | 2017
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be m
debian
CVE-2017-7830 | MEDIUM | CVSS 6.5 | fixed in firefox 57.0-1 (sid) | 2017
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Scope: local
sid: resolved (fixed in 57.0-1)
debian
CVE-2017-7820 | MEDIUM | CVSS 5.3 | fixed in firefox 56.0-1 (sid) | 2017
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.
Scope: local
sid: resolved (fixed in 56.0-1)
debian
CVE-2017-7837 | MEDIUM | CVSS 5.3 | fixed in firefox 57.0-1 (sid) | 2017
SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.
Scope: local
sid: resolved (fixed in 57.0-1)
debian
CVE-2017-5389 | MEDIUM | CVSS 6.1 | fixed in firefox 51.0-1 (sid) | 2017
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.
Scope: local
sid: resolve
debian
CVE-2017-7812 | MEDIUM | CVSS 5.3 | fixed in firefox 56.0-1 (sid) | 2017
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.
Scope: local
sid: resolved (fixed in 56.0-1)
debian
CVE-2017-5417 | MEDIUM | CVSS 5.3 | fixed in firefox 52.0-1 (sid) | 2017
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.
Scope: local
sid: resolved (fixed in 52.0-1)
debian
CVE-2017-7832 | MEDIUM | CVSS 5.3 | fixed in firefox 57.0-1 (sid) | 2017
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. Th
debian
CVE-2017-7834 | MEDIUM | CVSS 6.1 | fixed in firefox 57.0-1 (sid) | 2017
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Fire
debian
CVE-2017-5420 | MEDIUM | CVSS 6.5 | fixed in firefox 52.0-1 (sid) | 2017
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.
Scope: local
sid: resolved (fixed in 52.0-1)
debian
CVE-2017-5426 | MEDIUM | CVSS 5.3 | fixed in firefox 52.0-1 (sid) | 2017
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affect
debian
CVE-2017-5418 | MEDIUM | CVSS 5.3 | fixed in firefox 52.0-1 (sid) | 2017
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.
Scope: local
sid: resolved (fixed in 52.0-1)
debian
CVE-2017-7833 | MEDIUM | CVSS 5.3 | fixed in firefox 57.0-1 (sid) | 2017
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects F
debian
CVE-2017-5453 | MEDIUM | CVSS 4.3 | fixed in firefox 52.0.1-1 (sid) | 2017
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)
debian
CVE-2017-7839 | MEDIUM | CVSS 6.1 | fixed in firefox 57.0-1 (sid) | 2017
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerabi
debian
CVE-2017-5462 | MEDIUM | CVSS 5.3 | fixed in firefox 52.0.1-1 (sid) | 2017
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1
debian