Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90
Vulnerabilities
Page 17 of 47
CVE-2023-29541 | HIGH | CVSS 8.8 | fixed in firefox 112.0-1 (sid) | 2023
Firefox did not properly handle downloads of files ending in `.desktop`, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.* This vulnerability affects Firefox < 112, Focus for Andro
debian
CVE-2023-6212 | HIGH | CVSS 8.8 | fixed in firefox 120.0-1 (sid) | 2023
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local
sid: resolved (fixed in
debian
CVE-2023-3417 | HIGH | CVSS 7.5 | fixed in thunderbird 1:102.13.1-1~deb12u1 (bookworm) | 2023
Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.
Sco
debian
CVE-2023-28176 | HIGH | CVSS 8.8 | fixed in firefox 111.0-1 (sid) | 2023
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Scope: local
sid: resolved (fixed in 111.0-1)
debian
CVE-2023-37211 | HIGH | CVSS 8.8 | fixed in firefox 115.0-1 (sid) | 2023
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Scope: local
sid: resolved (fixed
debian
CVE-2023-4050 | HIGH | CVSS 7.5 | fixed in firefox 116.0-1 (sid) | 2023
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local
sid: resolved (fixed in 116.0-1)
debian
CVE-2023-4047 | HIGH | CVSS 8.8 | fixed in firefox 116.0-1 (sid) | 2023
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local
sid: resolved (fixed in 116.0-1)
debian
CVE-2023-23605 | HIGH | CVSS 8.8 | fixed in firefox 109.0-1 (sid) | 2023
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
debian
CVE-2023-6856 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-6858 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-29550 | HIGH | CVSS 8.8 | fixed in firefox 112.0-1 (sid) | 2023
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Sco
debian
CVE-2023-0767 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-25739 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-4055 | HIGH | CVSS 7.5 | fixed in firefox 116.0-1 (sid) | 2023
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local
sid: resolved (fixed in 116.0
debian
CVE-2023-25732 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-25746 | HIGH | CVSS 8.8 | fixed in firefox-esr 102.8.0esr-1 (bookworm) | 2023
Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.
Scope: local
bookworm: resolved (fixed in 102.8.0esr-1)
bullseye: resolved (fixed in
debian
CVE-2023-29536 | HIGH | CVSS 8.8 | fixed in firefox 112.0-1 (sid) | 2023
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Scope: local
sid: resolved (
debian
CVE-2023-6873 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-25735 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-37202 | HIGH | CVSS 8.8 | fixed in firefox 115.0-1 (sid) | 2023
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Scope: local
sid: resolved (fixed in 115.0-1)
debian