Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV (actively exploited): 10
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90
Vulnerabilities
Page 16 of 47
CVE-2024-6600 | LOW | CVSS 6.3 | 2024
CVE-2024-6600 [MEDIUM] CVE-2024-6600: firefox - Due to large allocation checks in Angle for GLSL shaders being too lenient an ou...
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
Scope: local
sid: resolved
debian
CVE-2024-11691 | LOW | CVSS 8.8 | 2024
CVE-2024-11691 [HIGH] CVE-2024-11691: firefox - Certain WebGL operations on Apple silicon M series devices could have led to an...
Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Th
debian
CVE-2024-5692 | LOW | CVSS 6.5 | 2024
CVE-2024-5692 [MEDIUM] CVE-2024-5692: firefox - On Windows 10, when using the 'Save As' functionality, an attacker could have tr...
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR
debian
CVE-2024-11693 | LOW | CVSS 9.8 | 2024
CVE-2024-11693 [CRITICAL] CVE-2024-11693: firefox - The executable file warning was not presented when downloading .library-ms files...
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Scope: local
sid: resolved
debian
CVE-2024-8394 | LOW | CVSS 6.5 | fixed in thunderbird 1:128.2.0esr-1 (forky) | 2024
CVE-2024-8394 [MEDIUM] CVE-2024-8394: thunderbird - When aborting the verification of an OTR chat session, an attacker could have ca...
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 1:128.2.0esr-1)
sid: resolved (fixed in 1:128.2.0esr-1)
trixie: resolved (fixed in 1:128.
debian
CVE-2024-11698 | LOW | CVSS 9.8 | 2024
CVE-2024-11698 [CRITICAL] CVE-2024-11698: firefox - A flaw in handling fullscreen transitions may have inadvertently caused the appl...
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the brow
debian
CVE-2024-2616 | LOW | CVSS 2.7 | fixed in firefox-esr 115.9.0esr-1~deb12u1 (bookworm) | 2024
CVE-2024-2616 [LOW] CVE-2024-2616: firefox-esr - To harden ICU against exploitation, the behavior for out-of-memory conditions wa...
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempting to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.
Scope: local
bookworm: resolved (fixed in 115.9.0esr-1~deb12u1)
bullseye: resolved (fixed in 115.9.0esr-1~deb11u1)
forky: resolved (fixed in 115.9.0esr-1)
sid: reso
debian
CVE-2024-3302 | LOW | CVSS 3.7 | fixed in firefox 125.0.1-1 (sid) | 2024
CVE-2024-3302 [LOW] CVE-2024-3302: firefox - There was no limit to the number of HTTP/2 CONTINUATION frames that would be pro...
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Scope: local
sid: resolved (fixed in 125.0.1-1)
debian
CVE-2023-5730 | CRITICAL | CVSS 9.8 | fixed in firefox 119.0-1 (sid) | 2023
CVE-2023-5730 [CRITICAL] CVE-2023-5730: firefox - Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 11...
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Scope: local
sid: resolved (fixed
debian
CVE-2023-4056 | CRITICAL | CVSS 9.8 | fixed in firefox 116.0-1 (sid) | 2023
CVE-2023-4056 [CRITICAL] CVE-2023-4056: firefox - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13...
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 1
debian
CVE-2023-4057 | CRITICAL | CVSS 9.8 | fixed in firefox 116.0-1 (sid) | 2023
CVE-2023-4057 [CRITICAL] CVE-2023-4057: firefox - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 11...
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
Scope: local
sid: resolved (fixed i
debian
CVE-2023-34416 | CRITICAL | CVSS 9.8 | fixed in firefox 114.0-1 (sid) | 2023
CVE-2023-34416 [CRITICAL] CVE-2023-34416: firefox - Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 1...
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Scope: local
sid: resolved (f
debian
CVE-2023-5176 | CRITICAL | CVSS 9.8 | fixed in firefox 118.0-1 (sid) | 2023
CVE-2023-5176 [CRITICAL] CVE-2023-5176: firefox - Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 11...
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Scope: local
sid: resolved (fixed i
debian
CVE-2023-25744 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
CVE-2023-25744 [HIGH] CVE-2023-25744: firefox - Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these ...
Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-6207 | HIGH | CVSS 8.8 | fixed in firefox 120.0-1 (sid) | 2023
CVE-2023-6207 [HIGH] CVE-2023-6207: firefox - Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vuln...
Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local
sid: resolved (fixed in 120.0-1)
debian
CVE-2023-6861 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
CVE-2023-6861 [HIGH] CVE-2023-6861: firefox - The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflo...
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-3600 | HIGH | CVSS 8.8 | fixed in firefox 115.0.2-1 (sid) | 2023
CVE-2023-3600 [HIGH] CVE-2023-3600: firefox - During the worker lifecycle, a use-after-free condition could have occurred, whi...
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
Scope: local
sid: resolved (fixed in 115.0.2-1)
debian
CVE-2023-32215 | HIGH | CVSS 8.8 | fixed in firefox 113.0-1 (sid) | 2023
CVE-2023-32215 [HIGH] CVE-2023-32215: firefox - Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily M...
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to r
debian
CVE-2023-32207 | HIGH | CVSS 8.8 | fixed in firefox 113.0-1 (sid) | 2023
CVE-2023-32207 [HIGH] CVE-2023-32207: firefox - A missing delay in popup notifications could have made it possible for an attack...
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local
sid: resolved (fixed in 113.0-1)
debian
CVE-2023-5217 | HIGH | CVSS 8.8 | KEV | fixed in chromium 117.0.5938.132-1~deb12u1 (bookworm) | 2023
CVE-2023-5217 [HIGH] CVE-2023-5217: chromium - Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5...
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 117.0.5938.132-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.132-1~deb11u1)
forky: resolved
debian