Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown
CRITICAL: 333 | HIGH: 633 | MEDIUM: 542 | LOW: 302
Vulnerabilities
Page 86 of 91
CVE-2016-5293 | LOW | CVSS 5.5 | 2016
[MEDIUM] CVE-2016-5293: firefox
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
Scope: local
sid: resolved
debian
CVE-2016-5298 | LOW | CVSS 6.5 | 2016
[MEDIUM] CVE-2016-5298: firefox
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.
Scope: local
sid: resolved
debian
CVE-2016-2805 | LOW | CVSS 8.8 | 2016
[HIGH] CVE-2016-2805: firefox
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Scope: local
sid: resolved
debian
CVE-2011-2668 | LOW | CVSS 8.8 | 2011
[HIGH] CVE-2011-2668: firefox
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header
Scope: local
sid: resolved
debian
CVE-2011-2670 | LOW | CVSS 6.1 | 2011
[MEDIUM] CVE-2011-2670: firefox
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets
Scope: local
sid: resolved
debian
CVE-2011-2669 | LOW | CVSS 6.5 | 2011
[MEDIUM] CVE-2011-2669: firefox
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
Scope: local
sid: resolved
debian
CVE-2007-0801 | LOW | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2007
[MEDIUM] CVE-2007-0801: firefox
The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
CVE-2006-1790 | CRITICAL | CVSS 10.0 | fixed in firefox 1.5 (sid) | 2006
[CRITICAL] CVE-2006-1790: firefox
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
Scope: local
sid: resolved (fixed in 1.5)
debian
CVE-2006-0884 | CRITICAL | CVSS 9.3 | PoC | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
[CRITICAL] CVE-2006-0884: firefox
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Scope: local
sid: resolv
debian
CVE-2006-1726 | HIGH | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
[CRITICAL] CVE-2006-1726: firefox
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)
debian
CVE-2006-4340 | HIGH | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.7-1 (sid) | 2006
[MEDIUM] CVE-2006-4340: firefox
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE
debian
CVE-2006-2779 | HIGH | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
[CRITICAL] CVE-2006-2779: firefox
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory
debian
CVE-2006-0292 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
[HIGH] CVE-2006-0292: firefox
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
debian
CVE-2006-6503 | HIGH | CVSS 6.8 | fixed in firefox 45.0-1 (sid) | 2006
[MEDIUM] CVE-2006-6503: firefox
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
CVE-2006-3677 | HIGH | CVSS 7.5 | PoC | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
[HIGH] CVE-2006-3677: firefox
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.5-1)
debian
CVE-2006-0294 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
[HIGH] CVE-2006-0294: firefox
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
debian
CVE-2006-2777 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
[HIGH] CVE-2006-2777: firefox
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.4-1)
debian
CVE-2006-3805 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
[HIGH] CVE-2006-3805: firefox
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.5-1)
debian
CVE-2006-1733 | HIGH | CVSS 6.8 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
[MEDIUM] CVE-2006-1733: firefox
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL m
debian
CVE-2006-6498 | HIGH | CVSS 6.8 | fixed in firefox 45.0-1 (sid) | 2006
[MEDIUM] CVE-2006-6498: firefox
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and at
debian