Debian Firefox vulnerabilities

CVE-2017-7815 [MEDIUM] CVE-2017-7815: firefox - On pages containing an iframe, the "data:" protocol can be used to create a moda... On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the mod

CVE-2017-7825 [MEDIUM] CVE-2017-7825: firefox - Several fonts on OS X display some Tibetan and Arabic characters as whitespace. ... Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Scope: loca

CVE-2017-7796 [MEDIUM] CVE-2017-7796: firefox - On Windows systems, the logger run by the Windows updater deletes the file "upda... On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: This attack only

CVE-2017-5409 [MEDIUM] CVE-2017-5409: firefox - The Mozilla Windows updater can be called by a non-privileged user to delete an ... The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Fir

CVE-2017-7782 [MEDIUM] CVE-2017-7782: firefox - An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k ... An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved

CVE-2017-5392 [CRITICAL] CVE-2017-5392: firefox - Weak proxy objects have weak references on multiple threads when they should onl... Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Scope: local sid: resolved

CVE-2017-5387 [LOW] CVE-2017-5387: firefox - The existence of a specifically requested local file can be found due to the dou... The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7817 [MEDIUM] CVE-2017-7817: firefox - A spoofing vulnerability can occur when a page switches to fullscreen mode witho... A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56. Scope: loca

CVE-2017-7765 [HIGH] CVE-2017-7765: firefox - The "Mark of the Web" was not correctly saved on Windows when files with very lo... The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. T

CVE-2017-5411 [HIGH] CVE-2017-5411: firefox - A use-after-free can occur during buffer storage operations within the ANGLE gra... A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affec

CVE-2017-7804 [HIGH] CVE-2017-7804: firefox - The destructor function for the "WindowsDllDetourPatcher" class can be re-purpos... The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are n

CVE-2017-5425 [HIGH] CVE-2017-5425: firefox - The Gecko Media Plugin sandbox allows access to local files that match specific ... The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating

CVE-2017-7790 [HIGH] CVE-2017-7790: firefox - On Windows systems, if non-null-terminated strings are copied into the crash rep... On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Fire

CVE-2017-7760 [HIGH] CVE-2017-7760: firefox - The Mozilla Windows updater modifies some files to be updated by reading the ori... The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation

CVE-2017-7768 [MEDIUM] CVE-2017-7768: firefox - The Mozilla Maintenance Service can be invoked by an unprivileged user to read 3... The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attac

CVE-2017-7770 [MEDIUM] CVE-2017-7770: firefox - A mechanism where when a new tab is loaded through JavaScript events, if fullscr... A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. Th

CVE-2017-7767 [MEDIUM] CVE-2017-7767: firefox - The Mozilla Maintenance Service can be invoked by an unprivileged user to overwr... The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 5

CVE-2017-5394 [HIGH] CVE-2017-5394: firefox - A location bar spoofing attack where the location bar of loaded page will be sho... A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Scope: local sid: resolved

CVE-2017-7763 [MEDIUM] CVE-2017-7763: firefox - Default fonts on OS X display some Tibetan characters as whitespace. When used i... Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: reso

CVE-2017-7755 [HIGH] CVE-2017-7755: firefox - The Firefox installer on Windows can be made to load malicious DLL files stored ... The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR <