Debian Firefox vulnerabilities

CVE-2017-7789 [MEDIUM] CVE-2017-7789: firefox - If a server sends two Strict-Transport-Security (STS) headers for a single conne... If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-7766 [HIGH] CVE-2017-7766: firefox - An attack using manipulation of "updater.ini" contents, used by the Mozilla Wind... An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not

CVE-2017-5395 [MEDIUM] CVE-2017-5395: firefox - Malicious sites can display a spoofed location bar on a subsequently loaded page... Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Scope: local sid: resolved

CVE-2017-7761 [MEDIUM] CVE-2017-7761: firefox - The Mozilla Maintenance Service "helper.exe" application creates a temporary dir... The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local s

CVE-2017-5452 [MEDIUM] CVE-2017-5452: firefox - Malicious sites can display a spoofed addressbar on a page when the existing loc... Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. Scope: local sid: resolved

CVE-2017-5463 [MEDIUM] CVE-2017-5463: firefox - Android intents can be used to launch Firefox for Android in reader mode with a ... Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. Scope: local sid: resolved

CVE-2017-7845 [HIGH] CVE-2017-7845: firefox - A buffer overflow occurs when drawing and validating elements using Direct 3D 9 ... A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vu

CVE-2017-16541 [MEDIUM] CVE-2017-16541: firefox - Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass th... Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. Scope: local sid: resolved (fixed in 62.0-1)

CVE-2017-5397 [CRITICAL] CVE-2017-5397: firefox - The cache directory on the local file system is set to be world writable. Firefo... The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3. Scope: local si

CVE-2017-7759 [HIGH] CVE-2017-7759: firefox - Android intent URLs given to Firefox for Android can be used to navigate from HT... Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54. Scope: local sid: resolved

CVE-2016-5290 [CRITICAL] CVE-2016-5290: firefox - Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of the... Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5297 [CRITICAL] CVE-2016-5297: firefox - An error in argument length checking in JavaScript, leading to potential integer... An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5281 [CRITICAL] CVE-2016-5281: firefox - Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before... Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-5289 [CRITICAL] CVE-2016-5289: firefox - Memory safety bugs were reported in Firefox 49. Some of these bugs showed eviden... Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5274 [CRITICAL] CVE-2016-5274: firefox - Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function i... Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-9893 [CRITICAL] CVE-2016-9893: firefox - Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed ... Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Scope: local sid: resolved (fixed in 50.1.0-1)

CVE-2016-9901 [CRITICAL] CVE-2016-9901: firefox - HTML tags received from the Pocket server will be processed without sanitization... HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. Scope: local sid: resolved (fixed in 50.1.0-1)

CVE-2016-0718 [CRITICAL] CVE-2016-0718: expat - Expat allows context-dependent attackers to cause a denial of service (crash) or... Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Scope: local bookworm: resolved (fixed in 2.1.1-2) bullseye: resolved (fixed in 2.1.1-2) forky: resolved (fixed in 2.1.1-2) sid: resolved (fixed in 2.1.1-2) trixie: resolved (fixed in 2.1.1

CVE-2016-9075 [CRITICAL] CVE-2016-9075: firefox - An issue where WebExtensions can use the mozAddonManager API to elevate privileg... An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5277 [CRITICAL] CVE-2016-5277: firefox - Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Fi... Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. S