Debian Firefox vulnerabilities

CVE-2016-2818 [HIGH] CVE-2016-2818: firefox - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox be... Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Scope: local sid: resolved (fixed in 47.0-1)

CVE-2016-9900 [HIGH] CVE-2016-9900: firefox - External resources that should be blocked when loaded by SVG images can bypass s... External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Scope: local sid: resolved (fixed in 50.1.0-1)

CVE-2016-2808 [HIGH] CVE-2016-2808: firefox - The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0... The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. Scope: local sid: resolved (fixed i

CVE-2016-1949 [HIGH] CVE-2016-1949: firefox - Mozilla Firefox before 44.0.2 does not properly restrict the interaction between... Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-2794 [HIGH] CVE-2016-2794: firefox - The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 befor... The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-2800 [HIGH] CVE-2016-2800: firefox - The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as... The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. Scope: local sid: resolv

CVE-2016-9068 [HIGH] CVE-2016-9068: firefox - A use-after-free during web animations when working with timelines resulting in ... A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5261 [HIGH] CVE-2016-5261: firefox - Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mo... Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering. Scope: local sid: resolved (fixed in 48.0-1)

CVE-2016-9904 [HIGH] CVE-2016-9904: firefox - An attacker could use a JavaScript Map/Set timing attack to determine whether an... An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Scope: local sid: resolved (fixed i

CVE-2016-1973 [HIGH] CVE-2016-1973: firefox - Race condition in the GetStaticInstance function in the WebRTC implementation in... Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-5283 [HIGH] CVE-2016-5283: firefox - Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Po... Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized. Scope: local sid: resolved (fixed in 49.0-1)

CVE-2016-5263 [HIGH] CVE-2016-5263: firefox - The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox E... The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion." Scope: local sid: resolved (fixed in 48.0-1)

CVE-2016-9073 [HIGH] CVE-2016-9073: firefox - WebExtensions can bypass security checks to load privileged URLs and potentially... WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)

CVE-2016-5259 [HIGH] CVE-2016-5259: firefox - Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Moz... Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. Scope: local sid: resolved (fixed in 48.0-1)

CVE-2016-1966 [HIGH] CVE-2016-1966: firefox - The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp ... The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-9079 [HIGH] CVE-2016-9079: firefox - A use-after-free vulnerability in SVG Animation has been discovered. An exploit ... A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. Scope: local sid: resolved (fixed in 50.0.2-1)

CVE-2016-1961 [HIGH] CVE-2016-1961: firefox - Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html... Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-1953 [HIGH] CVE-2016-1953: firefox - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox be... Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2016-2790 [HIGH] CVE-2016-2790: firefox - The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as use... The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. Scope: local sid: resolved (f

CVE-2016-5284 [HIGH] CVE-2016-5284: firefox - Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.... Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. Scope: local sid: