Search for packages
| purl | pkg:deb/debian/firefox-esr@68.1.0esr-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4seg-6hwv-3qaw | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. |
CVE-2019-11747
|
| VCID-6z7n-s34h-nbed | Mozilla developers and community members Mikhail Gavrilov, Tyson Smith, Marcia Knous, Tom Ritter, Philipp, and Bob Owens reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2019-11735
|
| VCID-ccbk-bcjn-9ygr | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11740
|
| VCID-cupx-f8h2-dbfw | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. |
CVE-2019-11748
|
| VCID-fr2x-ad9j-jyej | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. |
CVE-2019-11738
|
| VCID-hpnv-s73g-8yhp | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-9812
|
| VCID-pt8y-85gt-8kge | A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. |
CVE-2019-11749
|
| VCID-s326-zdyp-67ev | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11742
|
| VCID-scqu-uppe-w3h3 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11744
|
| VCID-tfa3-jx19-h7bz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11746
|
| VCID-tjkj-zeeh-xqcy | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11752
|
| VCID-wd3w-em5q-y7cj | A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. |
CVE-2019-11750
|
| VCID-xt5q-bfq6-73bn | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11743
|