Debian Thunderbird vulnerabilities

931 known vulnerabilities affecting debian/thunderbird.

Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90

Vulnerabilities

Page 19 of 47
CVE-2023-5171 | MEDIUM | CVSS 6.5 | fixed in firefox 118.0-1 (sid) | 2023
firefox: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Scope: local. sid: resolved (fixed in 118.0-1).
Source: debian
CVE-2023-25751 | MEDIUM | CVSS 6.5 | fixed in firefox 111.0-1 (sid) | 2023
firefox: Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Scope: local. sid: resolved (fixed in 111.0-1).
Source: debian
CVE-2023-4580 | MEDIUM | CVSS 6.5 | fixed in firefox 117.0-1 (sid) | 2023
firefox: Push notifications stored on disk in private browsing mode were not being encrypted, potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local. sid: resolved (fixed in 117.0-1).
Source: debian
CVE-2023-29535 | MEDIUM | CVSS 6.5 | fixed in firefox 112.0-1 (sid) | 2023
firefox: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Scope: local. sid: resolved (fixed in 112.0
Source: debian
CVE-2023-1999 | MEDIUM | CVSS 5.3 | fixed in firefox 112.0-1 (sid) | 2023
firefox: There exists a use-after-free/double-free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an out-of-memory error in the VP8 encoder; the pointer is still assigned to trial and AddressSanitizer will attempt a double free. Scope: local s
Source: debian
CVE-2023-25730 | MEDIUM | CVSS 5.4 | fixed in firefox 110.0-1 (sid) | 2023
firefox: A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local. sid: resolved (fixed in 110.0-1).
Source: debian
CVE-2023-6209 | MEDIUM | CVSS 6.5 | fixed in firefox 120.0-1 (sid) | 2023
firefox: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local. sid: resolved (fixed in 120.0-1).
Source: debian
CVE-2023-32206 | MEDIUM | CVSS 6.5 | fixed in firefox 113.0-1 (sid) | 2023
firefox: An out-of-bounds read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local. sid: resolved (fixed in 113.0-1).
Source: debian
CVE-2023-28164 | MEDIUM | CVSS 6.5 | fixed in firefox 111.0-1 (sid) | 2023
firefox: Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Scope: local. sid: resolved (fixed in 111.0-1).
Source: debian
CVE-2023-6860 | MEDIUM | CVSS 6.5 | fixed in firefox 121.0-1 (sid) | 2023
firefox: The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local. sid: resolved (fixed in 121.0-1).
Source: debian
CVE-2023-5725 | MEDIUM | CVSS 4.3 | fixed in firefox 119.0-1 (sid) | 2023
firefox: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local. sid: resolved (fixed in 119.0-1).
Source: debian
CVE-2023-29533 | MEDIUM | CVSS 4.3 | fixed in firefox 112.0-1 (sid) | 2023
firefox: A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird
Source: debian
CVE-2023-32211 | MEDIUM | CVSS 6.5 | fixed in firefox 113.0-1 (sid) | 2023
firefox: A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local. sid: resolved (fixed in 113.0-1).
Source: debian
CVE-2023-29548 | MEDIUM | CVSS 6.5 | fixed in firefox 112.0-1 (sid) | 2023
firefox: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Scope: local. sid: resolved (fixed in 112.0-1).
Source: debian
CVE-2023-25728 | MEDIUM | CVSS 6.5 | fixed in firefox 110.0-1 (sid) | 2023
firefox: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local. sid: resolved (fixed in 110.0-1).
Source: debian
CVE-2023-0430 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:102.7.1+1-1 (bookworm) | 2023
thunderbird: Certificate OCSP revocation status was not checked when verifying S/MIME signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1. Scope: local. bookworm: resolved (fixed in 1:102.7.1+1-1). bullseye: resolved
Source: debian
CVE-2023-4577 | MEDIUM | CVSS 6.5 | fixed in firefox 117.0-1 (sid) | 2023
firefox: When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local. sid: resolved (fixed in 117.0-1).
Source: debian
CVE-2023-5732 | MEDIUM | CVSS 6.5 | fixed in firefox-esr 115.4.0esr-1~deb12u1 (bookworm) | 2023
firefox-esr: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local. bookworm: resolved (fixed in 115.4.0esr-1~deb12u1). bullseye: resolved (fixed in 115.4.0esr-1~deb11u1). forky: resolved (fixed in
Source: debian
CVE-2023-4581 | MEDIUM | CVSS 4.3 | fixed in firefox 117.0-1 (sid) | 2023
firefox: Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist, which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Scope: local. sid: resolved (fixed in 117.0-1).
Source: debian
CVE-2023-25742 | MEDIUM | CVSS 6.5 | fixed in firefox 110.0-1 (sid) | 2023
firefox: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly, causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local. sid: resolved (fixed in 110.0-1).
Source: debian
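Most entries on this page give the Debian fix in the firefox or firefox-esr package (the column reads "fixed in firefox 118.0-1 (sid)") while the Thunderbird range appears only in the description ("Thunderbird < 115.3"), so deciding whether a given Debian thunderbird package is affected means comparing its upstream version against that bound with dpkg's ordering rules, under which 102.7.0+1 sorts below 102.7.1 and a revision of 1~deb12u1 sorts below 1. The script below is an added example, not code from this page or from Debian's security tracker: `_verrevcmp` reimplements the character-run/digit-run comparison of dpkg's verrevcmp(), the one-bound-per-ESR-branch selection rule in `is_affected` is an assumption of this example, the affected-version sentences in `ENTRIES` are copied from entries on this page, and the installed version strings are constructed. On a real host the installed version comes from `dpkg-query -W -f='${Version}' thunderbird`.

```python
"""Check an installed Debian thunderbird version against the "Thunderbird < X"
bounds quoted in this listing, using dpkg's version ordering.

Added example, not code from the listing or from Debian's tracker.
"""
import re

# Affected-version sentences copied from entries on this page, keyed by CVE id.
ENTRIES = {
    "CVE-2023-5171": "This vulnerability affects Firefox < 118, Firefox ESR < 115.3, "
                     "and Thunderbird < 115.3.",
    "CVE-2023-0430": "This vulnerability affects Thunderbird < 102.7.1.",
    "CVE-2023-4581": "This vulnerability affects Firefox < 117, Firefox ESR < 102.15, "
                     "Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.",
}
BOUND_RE = re.compile(r"Thunderbird < (\d+(?:\.\d+)*)")


def _order(c: str) -> int:
    """Weight of one character in a non-digit run (dpkg's order())."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1            # '~' sorts before anything, even the end of the string
    if c:
        return ord(c) + 256  # other punctuation sorts after letters
    return 0                 # end of string


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream-version or revision strings like dpkg's verrevcmp()."""
    def ch(s, k):
        return s[k] if k < len(s) else ""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character, weighted by _order().
        while (ch(a, i) and not ch(a, i).isdigit()) or (ch(b, j) and not ch(b, j).isdigit()):
            ac, bc = _order(ch(a, i)), _order(ch(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros; the longer run wins, else the first differing digit.
        while ch(a, i) == "0":
            i += 1
        while ch(b, j) == "0":
            j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if ch(a, i).isdigit():
            return 1
        if ch(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(v: str):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = v.rpartition("-")
    if not sep:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def is_affected(installed: str, entry_text: str) -> bool:
    """True if the installed Debian version (e.g. '1:102.7.0+1-1') is below the
    entry's bound. Assumption of this example: when an entry names one bound per
    branch (102.15 and 115.2), the bound sharing the installed major version
    applies; with no such bound, the highest bound is taken literally."""
    bounds = BOUND_RE.findall(entry_text)
    if not bounds:
        raise ValueError("entry names no affected Thunderbird version")
    _, upstream, _ = split_version(installed)
    major = upstream.split(".", 1)[0]
    same_branch = [b for b in bounds if b.split(".", 1)[0] == major]
    bound = same_branch[0] if same_branch else max(
        bounds, key=lambda b: [int(x) for x in b.split(".")])
    return compare_versions(upstream, bound) < 0


if __name__ == "__main__":
    # Constructed installed versions, not read from any real host.
    for installed in ("1:102.7.0+1-1", "1:102.7.1+1-1", "1:115.3.0-1~deb12u1"):
        hits = [cve for cve, text in ENTRIES.items() if is_affected(installed, text)]
        print(installed, "affected by:", hits or "none of the sample entries")
```

For entries whose "fixed in" column names the thunderbird package itself, such as CVE-2023-0430 with 1:102.7.1+1-1, `compare_versions` can be applied directly to the installed version and that string; the epoch must be included on both sides or the comparison is meaningless.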