Debian Thunderbird vulnerabilities

931 known vulnerabilities affecting debian/thunderbird.

Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90

Vulnerabilities

Page 20 of 47
CVE-2023-25752 | MEDIUM | CVSS 6.5 | fixed in firefox 111.0-1 (sid) | 2023 | debian
firefox: When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Scope: local; sid: resolved (fixed in 111.0-1)
CVE-2023-4578 | MEDIUM | CVSS 6.5 | fixed in firefox 117.0-1 (sid) | 2023 | debian
firefox: When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 1
CVE-2023-23602 | MEDIUM | CVSS 6.5 | fixed in firefox 109.0-1 (sid) | 2023 | debian
firefox: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
Scope: local; sid: resolved (fixed in 109.0-1)
CVE-2023-4049 | MEDIUM | CVSS 5.9 | fixed in firefox 116.0-1 (sid) | 2023 | debian
firefox: Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local; sid: resolved (fixed in 116.0-1)
CVE-2023-32212 | MEDIUM | CVSS 4.3 | fixed in firefox 113.0-1 (sid) | 2023 | debian
firefox: An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local; sid: resolved (fixed in 113.0-1)
CVE-2023-4575 | MEDIUM | CVSS 6.5 | fixed in firefox 117.0-1 (sid) | 2023 | debian
firefox: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Fi
CVE-2023-4574 | MEDIUM | CVSS 6.5 | fixed in firefox 117.0-1 (sid) | 2023 | debian
firefox: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, F
CVE-2023-0616 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:102.8.0-1 (bookworm) | 2023 | debian
thunderbird: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderb
CVE-2023-5169 | MEDIUM | CVSS 6.5 | fixed in firefox 118.0-1 (sid) | 2023 | debian
firefox: A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Scope: local; sid: resolved (fixed in 118.0-1)
CVE-2023-29479 | MEDIUM | CVSS 5.3 | fixed in rnp 0.16.3-1 (bookworm) | 2023 | debian
rnp: Ribose RNP before 0.16.3 may hang when the input is malformed.
Scope: local; bookworm: resolved (fixed in 0.16.3-1); forky: resolved (fixed in 0.16.3-1); sid: resolved (fixed in 0.16.3-1); trixie: resolved (fixed in 0.16.3-1)
CVE-2023-6204 | MEDIUM | CVSS 6.5 | fixed in firefox 120.0-1 (sid) | 2023 | debian
firefox: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local; sid: resolved (fixed in 120.0-1)
CVE-2023-1945 | MEDIUM | CVSS 6.5 | fixed in firefox-esr 102.10.0esr-1 (bookworm) | 2023 | debian
firefox-esr: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.
Scope: local; bookworm: resolved (fixed in 102.10.0esr-1); bullseye: resolved (fixed in 102.10.0esr-1~deb11u1); forky: resolved (fixed in 102.10.0esr-1); sid: resolved (
CVE-2023-6857 | MEDIUM | CVSS 5.3 | fixed in firefox 121.0-1 (sid) | 2023 | debian
firefox: When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, macOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local; sid: resolved (fixed in 121.0-1)
CVE-2023-6206 | MEDIUM | CVSS 5.4 | fixed in firefox 120.0-1 (sid) | 2023 | debian
firefox: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local; sid:
CVE-2023-4046 | MEDIUM | CVSS 5.3 | fixed in firefox 116.0-1 (sid) | 2023 | debian
firefox: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local; sid: resolved (fixed in 116.0-1)
CVE-2023-23598 | MEDIUM | CVSS 6.5 | fixed in firefox 109.0-1 (sid) | 2023 | debian
firefox: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged, a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
Scope: local; sid: resolved (fixed in 109.0-1)
CVE-2023-37207 | MEDIUM | CVSS 6.5 | fixed in firefox 115.0-1 (sid) | 2023 | debian
firefox: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Scope: local; sid: resolved (fixed in 115.0-1)
CVE-2023-4053 | MEDIUM | CVSS 6.5 | fixed in firefox 116.0-1 (sid) | 2023 | debian
firefox: A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
Scope: local; sid: resolved (fixed in 116.0-1)
CVE-2023-0547 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:102.10.0-1 (bookworm) | 2023 | debian
thunderbird: OCSP revocation status of recipient certificates was not checked when sending S/MIME encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
Scope: local; bookworm: resolved (fixed in 1:102.10.0-1); bullseye: resolved (fixed in 1:102.10.0-1~deb1
CVE-2023-32205 | MEDIUM | CVSS 4.3 | fixed in firefox 113.0-1 (sid) | 2023 | debian
firefox: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local; sid: resolved (fixed in 113.0-1)