Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90
Vulnerabilities
Page 34 of 47

CVE-2020-26950 [HIGH] | CVSS 8.8 | PoC | fixed in firefox 82.0.3-1 (sid) | 2020
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
Scope: local
sid: resolved (fixed in 82.0.3-1)
debian

CVE-2020-15677 [MEDIUM] | CVSS 6.1 | fixed in firefox 81.0-1 (sid) | 2020
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
Scope: local
si

CVE-2020-12405 [MEDIUM] | CVSS 5.3 | fixed in firefox 77.0-1 (sid) | 2020
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Scope: local
sid: resolved (fixed in 77.0-1)

CVE-2020-12397 [MEDIUM] | CVSS 4.3 | fixed in thunderbird 1:68.8.0-1 (bookworm) | 2020
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.
Scope: local
bookworm: resolved (fixed in 1:68.8.0-1)
bullseye: resolved (fixed in 1:68.8.0-1)
forky: resolved (fixed in 1:68.8.0-1)
sid: resolved (fixed in 1:68.8.0-1

CVE-2020-15676 [MEDIUM] | CVSS 6.1 | fixed in firefox 81.0-1 (sid) | 2020
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
Scope: local
sid: resolved (fixed in 81.0-1)

CVE-2020-15646 [MEDIUM] | CVSS 5.9 | fixed in thunderbird 1:68.10.0-1 (bookworm) | 2020
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.
Scope: local
bookworm: resol

CVE-2020-26965 [MEDIUM] | CVSS 6.5 | fixed in firefox 83.0-1 (sid) | 2020
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility

CVE-2020-15655 [MEDIUM] | CVSS 6.5 | fixed in firefox 79.0-1 (sid) | 2020
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Scope: local
sid: resolved (fixed in 79.0-1)

CVE-2020-15652 [MEDIUM] | CVSS 6.5 | fixed in firefox 79.0-1 (sid) | 2020
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
Scope: local
sid: resolved (fixed in 79.0-1)

CVE-2020-6795 [MEDIUM] | CVSS 6.5 | fixed in thunderbird 1:68.5.0-1 (bookworm) | 2020
When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5.
Scope: local
bookworm: resolved (fixed in 1:68.5.0-1)
bullseye: resolved (fixed in 1:68.5.0-1)
forky: resolved (fixed in 1:68.5.0-1)
sid: resolve

CVE-2020-26958 [MEDIUM] | CVSS 6.1 | fixed in firefox 83.0-1 (sid) | 2020
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Scope: local
sid: resolved (fixed in 83.0

CVE-2020-12399 [MEDIUM] | CVSS 4.4 | fixed in firefox 77.0-1 (sid) | 2020
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Scope: local
sid: resolved (fixed in 77.0-1)

CVE-2020-15654 [MEDIUM] | CVSS 6.5 | fixed in firefox 79.0-1 (sid) | 2020
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunder

CVE-2020-15653 [MEDIUM] | CVSS 6.5 | fixed in firefox 79.0-1 (sid) | 2020
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Scope: local
sid: resolved (fixed in 79.0-1)

CVE-2020-12421 [MEDIUM] | CVSS 6.5 | fixed in firefox 78.0-1 (sid) | 2020
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Scope: local
sid: reso

CVE-2020-35111 [MEDIUM] | CVSS 4.3 | fixed in firefox 84.0-1 (sid) | 2020
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Scope: local
sid: r

CVE-2020-26951 [MEDIUM] | CVSS 6.1 | fixed in firefox 83.0-1 (sid) | 2020
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Sco

CVE-2020-26976 [MEDIUM] | CVSS 6.5 | fixed in firefox 84.0-1 (sid) | 2020
When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
Scope: local
sid: resolved (fixed in 84.0-1)

CVE-2020-26961 [MEDIUM] | CVSS 6.5 | fixed in firefox 83.0-1 (sid) | 2020
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5,

CVE-2020-6798 [MEDIUM] | CVSS 6.1 | fixed in firefox 73.0-1 (sid) | 2020
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is d