Debian Firefox vulnerabilities

CVE-2026-4729 [CRITICAL] CVE-2026-4729: firefox - Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bug... Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Thunderbird < 149. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-4700 [CRITICAL] CVE-2026-4700: firefox - Mitigation bypass in the Networking: HTTP component. This vulnerability affects ... Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-2773 [CRITICAL] CVE-2026-2773: firefox - Incorrect boundary conditions in the Web Audio component. This vulnerability aff... Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-4723 [CRITICAL] CVE-2026-4723: firefox - Use-after-free in the JavaScript Engine component. This vulnerability affects Fi... Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Thunderbird < 149. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-4721 [CRITICAL] CVE-2026-4721: firefox - Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird... Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9

CVE-2026-2789 [CRITICAL] CVE-2026-2789: firefox - Use-after-free in the Graphics: ImageLib component. This vulnerability affects F... Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-4698 [CRITICAL] CVE-2026-4698: firefox - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability a... JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-2771 [CRITICAL] CVE-2026-2771: firefox - Undefined behavior in the DOM: Core & HTML component. This vulnerability affects... Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-4705 [CRITICAL] CVE-2026-4705: firefox - Undefined behavior in the WebRTC: Signaling component. This vulnerability affect... Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-4710 [CRITICAL] CVE-2026-4710: firefox - Incorrect boundary conditions in the Audio/Video component. This vulnerability a... Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-2759 [CRITICAL] CVE-2026-2759: firefox - Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerab... Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2761 [CRITICAL] CVE-2026-2761: firefox - Sandbox escape in the Graphics: WebRender component. This vulnerability affects ... Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-5735 [CRITICAL] CVE-2026-5735: firefox - Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of t... Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2 and Thunderbird < 149.0.2. Scope: local sid: resolved (fixed in 149.0.2-1)

CVE-2026-2757 [CRITICAL] CVE-2026-2757: firefox - Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnera... Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2791 [CRITICAL] CVE-2026-2791: firefox - Mitigation bypass in the Networking: Cache component. This vulnerability affects... Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-4692 [CRITICAL] CVE-2026-4692: firefox - Sandbox escape in the Responsive Design Mode component. This vulnerability affec... Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-2760 [CRITICAL] CVE-2026-2760: firefox - Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender c... Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2797 [CRITICAL] CVE-2026-2797: firefox - Use-after-free in the JavaScript: GC component. This vulnerability affects Firef... Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2777 [CRITICAL] CVE-2026-2777: firefox - Privilege escalation in the Messaging System component. This vulnerability affec... Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-4688 [CRITICAL] CVE-2026-4688: firefox - Sandbox escape due to use-after-free in the Disability Access APIs component. Th... Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)