Debian Thunderbird vulnerabilities

CVE-2023-4045 [MEDIUM] CVE-2023-4045: firefox - Offscreen Canvas did not properly track cross-origin tainting, which could have ... Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local sid: resolved (fixed in 116.0-1)

CVE-2023-4573 [MEDIUM] CVE-2023-4573: firefox - When receiving rendering data over IPC `mStream` could have been destroyed when ... When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Scope: local sid: resolved (fixed in 117.0-1)

CVE-2023-5388 [MEDIUM] CVE-2023-5388: firefox - NSS was susceptible to a timing side-channel attack when performing RSA decrypti... NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Scope: local sid: resolved (fixed in 124.0-1)

CVE-2023-50761 [MEDIUM] CVE-2023-50761: thunderbird - The signature of a digitally signed S/MIME email message may optionally specify ... The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at

CVE-2023-23603 [MEDIUM] CVE-2023-23603: firefox - Regular expressions used to filter out forbidden properties and values from styl... Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. Scope: local sid: resolved (fixed in 109.0-1)

CVE-2023-50762 [MEDIUM] CVE-2023-50762: thunderbird - When processing a PGP/MIME payload that contains digitally signed text, the firs... When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spo

CVE-2023-6205 [MEDIUM] CVE-2023-6205: firefox - It was possible to cause the use of a MessagePort after it had already been free... It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-23601 [MEDIUM] CVE-2023-23601: firefox - Navigations were being allowed when dragging a URL from a cross-origin iframe in... Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. Scope: local sid: resolved (fixed in 109.0-1)

CVE-2023-5174 [CRITICAL] CVE-2023-5174: firefox - If Windows failed to duplicate a handle during process creation, the sandbox cod... If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affe

CVE-2023-28163 [MEDIUM] CVE-2023-28163: firefox - When downloading files through the Save As dialog on Windows with suggested file... When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102

CVE-2023-34414 [LOW] CVE-2023-34414: firefox - The error page for sites with invalid TLS certificates was missing the activatio... The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the s

CVE-2023-29531 [CRITICAL] CVE-2023-29531: firefox - An attacker could have caused an out of bounds memory access using WebGL APIs, l... An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. Scope: local sid: resolved

CVE-2023-5726 [MEDIUM] CVE-2023-5726: firefox - A website could have obscured the full screen notification by using the file ope... A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: res

CVE-2023-4054 [MEDIUM] CVE-2023-4054: firefox - When opening appref-ms files, Firefox did not warn the user that these files may... When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. Scope: local sid: resolved

CVE-2023-4863 [HIGH] CVE-2023-4863: chromium - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and lib... Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) Scope: local bookworm: resolved (fixed in 117.0.5938.62-1) bullseye: resolved (fixed in 117.0.5938.62-1) forky: resolved (fixed in 117.0.5938.62-1)

CVE-2023-5727 [MEDIUM] CVE-2023-5727: firefox - The executable file warning was not presented when downloading .msix, .msixbundl... The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: re

CVE-2023-25738 [MEDIUM] CVE-2023-25738: firefox - Members of the <code>DEVMODEW</code> struct set by the printer device driver wer... Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.

CVE-2023-29532 [MEDIUM] CVE-2023-29532: firefox - A local attacker can trick the Mozilla Maintenance Service into applying an unsi... A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system acces

CVE-2023-23599 [MEDIUM] CVE-2023-23599: firefox - When copying a network request from the developer tools panel as a curl command ... When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. Scope: local sid: resolved

CVE-2023-5168 [CRITICAL] CVE-2023-5168: firefox - A compromised content process could have provided malicious data to `FilterNodeD... A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Scop