Debian Firefox-Esr vulnerabilities

1,071 known vulnerabilities affecting debian/firefox-esr.

Total CVEs: 1,071
CISA KEV: 11 (actively exploited)
Public exploits: 23
Exploited in wild: 15
Severity breakdown: CRITICAL 236, HIGH 418, MEDIUM 292, LOW 125

Vulnerabilities

Page 54 of 54
CVE-2006-6499 | HIGH | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-6499 [MEDIUM] firefox: The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2006-6502 | HIGH | CVSS 7.1 | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-6502 [HIGH] firefox: Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2006-5747 | HIGH | CVSS 7.5 | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-5747 [HIGH] firefox: Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2006-5462 | HIGH | CVSS 4.0 | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-5462 [MEDIUM] firefox: Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for u
CVE-2006-5463 | HIGH | CVSS 7.5 | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-5463 [HIGH] firefox: Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2006-4310 | MEDIUM | CVSS 4.3 | PoC | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-4310 [MEDIUM] firefox: Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2006-6585 | MEDIUM | CVSS 6.4 | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-6585 [MEDIUM] firefox: The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected. Scope: local; sid: resolved (fixed in
CVE-2006-6497 | MEDIUM | CVSS 6.8 | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-6497 [MEDIUM] firefox: Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2006-5464 | LOW | CVSS 5.0 | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-5464 [MEDIUM] firefox: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2006-2723 | LOW | CVSS 5.0 | PoC | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-2723 [MEDIUM] firefox: Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2006-5633 | LOW | CVSS 5.0 | PoC | fixed in firefox 45.0-1 (sid) | 2006 | debian
CVE-2006-5633 [MEDIUM] firefox: Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was poss