Debian Thunderbird vulnerabilities

CVE-2023-32214 [HIGH] CVE-2023-32214: firefox - Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigge... Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Scope: local sid: resolved

CVE-2023-29542 [CRITICAL] CVE-2023-29542: firefox - A newline in a filename could have been used to bypass the file extension securi... A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability af

CVE-2023-25734 [HIGH] CVE-2023-25734: firefox - After downloading a Windows <code>.url</code> shortcut from the local filesystem... After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firef

CVE-2023-4052 [MEDIUM] CVE-2023-4052: firefox - The Firefox updater created a directory writable by non-privileged users. When u... The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This

CVE-2023-29545 [MEDIUM] CVE-2023-29545: firefox - Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested fil... Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.1

CVE-2023-4582 [HIGH] CVE-2023-4582: firefox - Due to large allocation checks in Angle for glsl shaders being too lenient a buf... Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Scope: local sid: resolved

CVE-2023-4576 [HIGH] CVE-2023-4576: firefox - On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` w... On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thund

CVE-2022-26384 [CRITICAL] CVE-2022-26384: firefox - If an attacker could control the contents of an iframe sandboxed with <code>allo... If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Scope: local sid: resolved (fixed in 98.0-1)

CVE-2022-26486 [CRITICAL] CVE-2022-26486: firefox - An unexpected message in the WebGPU IPC framework could lead to a use-after-free... An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. Scope: local sid: resolved (fixed in 99.0-1)

CVE-2022-31736 [CRITICAL] CVE-2022-31736: firefox - A malicious website could have learned the size of a cross-origin resource that ... A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-46882 [CRITICAL] CVE-2022-46882: firefox - A use-after-free in WebGL extensions could have led to a potentially exploitable... A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. Scope: local sid: resolved (fixed in 107.0-1)

CVE-2022-31747 [CRITICAL] CVE-2022-31747: firefox - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing... Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10,

CVE-2022-45406 [CRITICAL] CVE-2022-45406: firefox - If an out-of-memory condition occurred when creating a JavaScript global, a Java... If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local sid: resolved (fixed in 107.0-

CVE-2022-34470 [CRITICAL] CVE-2022-34470: firefox - Session history navigations may have led to a use-after-free and potentially exp... Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Scope: local sid: resolved (fixed in 102.0-1)

CVE-2022-22759 [CRITICAL] CVE-2022-22759: firefox - If a document created a sandboxed iframe without <code>allow-scripts</code>, and... If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local sid: resolved (fixed in 97.0-1)

CVE-2022-31737 [CRITICAL] CVE-2022-31737: firefox - A malicious webpage could have caused an out-of-bounds write in WebGL, leading t... A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local sid: resolved (fixed in 101.0-1)

CVE-2022-29917 [CRITICAL] CVE-2022-29917: firefox - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla... Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird <

CVE-2022-3033 [HIGH] CVE-2022-3033: thunderbird - If a Thunderbird user replied to a crafted HTML email containing a <code>meta</c... If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the

CVE-2022-22738 [HIGH] CVE-2022-22738: firefox - Applying a CSS filter effect could have accessed out of bounds memory. This coul... Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local sid: resolved (fixed in 96.0-1)

CVE-2022-45412 [HIGH] CVE-2022-45412: firefox - When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error m... When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. *This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and F