Debian Firefox vulnerabilities

CVE-2017-7844 [MEDIUM] CVE-2017-7844: firefox - A combination of an external SVG image referenced on a page and the coloring of ... A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. Scop

CVE-2017-7799 [MEDIUM] CVE-2017-7799: firefox - JavaScript in the "about:webrtc" page is not sanitized properly being assigned t... JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55. Scope: local sid: resolved (

CVE-2017-7842 [MEDIUM] CVE-2017-7842: firefox - If a document's Referrer Policy attribute is set to "no-referrer" sometimes two ... If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57. Scope: local sid: resolved (fixed in 57.0-1)

CVE-2017-5451 [MEDIUM] CVE-2017-5451: firefox - A mechanism to spoof the addressbar through the user interaction on the addressb... A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: re

CVE-2017-7840 [MEDIUM] CVE-2017-7840: firefox - JavaScript can be injected into an exported bookmarks file by placing JavaScript... JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to

CVE-2017-7816 [MEDIUM] CVE-2017-7816: firefox - WebExtensions could use popups and panels in the extension UI to load an "about:... WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56. Scope: local sid: resolved (fixed in 56.0-1)

CVE-2017-5383 [MEDIUM] CVE-2017-5383: firefox - URLs containing certain unicode glyphs for alternative hyphens and quotes do not... URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-5384 [MEDIUM] CVE-2017-5384: firefox - Proxy Auto-Config (PAC) files can specify a JavaScript function called for all U... Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (

CVE-2017-5408 [MEDIUM] CVE-2017-5408: firefox - Video files loaded video captions cross-origin without checking for the presence... Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5405 [MEDIUM] CVE-2017-5405: firefox - Certain response codes in FTP connections can result in the use of uninitialized... Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5466 [MEDIUM] CVE-2017-5466: firefox - If a page is loaded from an original site through a hyperlink and contains a red... If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: re

CVE-2017-7823 [MEDIUM] CVE-2017-7823: firefox - The content security policy (CSP) "sandbox" directive did not create a unique or... The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Scope: lo

CVE-2017-7838 [MEDIUM] CVE-2017-7838: firefox - Punycode format text will be displayed for entire qualified international domain... Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefo

CVE-2017-5458 [MEDIUM] CVE-2017-5458: firefox - When a "javascript:" URL is drag and dropped by a user into the addressbar, the ... When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-7808 [MEDIUM] CVE-2017-7808: firefox - A content security policy (CSP) "frame-ancestors" directive containing origins w... A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-5407 [MEDIUM] CVE-2017-5407: firefox - Using SVG filters that don't use the fixed point math implementation on a target... Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8,

CVE-2017-5414 [MEDIUM] CVE-2017-5414: firefox - The file picker dialog can choose and display the wrong local default directory ... The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5415 [MEDIUM] CVE-2017-5415: firefox - An attack can use a blob URL and script to spoof an arbitrary addressbar URL pre... An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-5427 [MEDIUM] CVE-2017-5427: firefox - A non-existent chrome.manifest file will attempt to be loaded during startup fro... A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenc

CVE-2017-7822 [MEDIUM] CVE-2017-7822: firefox - The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should r... The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56. Scope: local sid: resolved (fixed in 56.0-1)