Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs

1,810

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL333HIGH633MEDIUM542LOW302

Vulnerabilities

Page 11 of 91

CVE-2025-1937HIGHCVSS 7.5fixed in firefox 136.0-1 (sid)2025

CVE-2025-1937 [HIGH] CVE-2025-1937: firefox - Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, ... Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thund

debian

CVE-2025-9180HIGHCVSS 8.1fixed in firefox 142.0-1 (sid)2025

CVE-2025-9180 [HIGH] CVE-2025-9180: firefox - Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerabilit... Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. Scope: local sid: resolved (fixed in 142.0-1)

debian

CVE-2025-11152HIGHCVSS 8.6fixed in firefox 143.0.3-1 (sid)2025

CVE-2025-11152 [HIGH] CVE-2025-11152: firefox - Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This... Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143.0.3. Scope: local sid: resolved (fixed in 143.0.3-1)

debian

CVE-2025-11714HIGHCVSS 8.8fixed in firefox 144.0-1 (sid)2025

CVE-2025-11714 [HIGH] CVE-2025-11714: firefox - Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird... Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4,

debian

CVE-2025-1943HIGHCVSS 8.2fixed in firefox 136.0-1 (sid)2025

CVE-2025-1943 [HIGH] CVE-2025-1943: firefox - Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bug... Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136. Scope: local sid: resolved (fixed in 136.0-1)

debian

CVE-2025-10527HIGHCVSS 7.1fixed in firefox 143.0-1 (sid)2025

CVE-2025-10527 [HIGH] CVE-2025-10527: firefox - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This v... Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. Scope: local sid: resolved (fixed in 143.0-1)

debian

CVE-2025-14325HIGHCVSS 7.3fixed in firefox 146.0-1 (sid)2025

CVE-2025-14325 [HIGH] CVE-2025-14325: firefox - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability a... JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Scope: local sid: resolved (fixed in 146.0-1)

debian

CVE-2025-3034HIGHCVSS 8.1fixed in firefox 137.0-1 (sid)2025

CVE-2025-3034 [HIGH] CVE-2025-3034: firefox - Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bug... Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137 and Thunderbird < 137. Scope: local sid: resolved (fixed in 137.0-1)

debian

CVE-2025-8040HIGHCVSS 8.8fixed in firefox 141.0-1 (sid)2025

CVE-2025-8040 [HIGH] CVE-2025-8040: firefox - Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox ... Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

debian

CVE-2025-6436HIGHCVSS 8.1fixed in firefox 140.0-1 (sid)2025

CVE-2025-6436 [HIGH] CVE-2025-6436: firefox - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bug... Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 140 and Thunderbird < 140. Scope: local sid: resolved (fixed in 140.0-1)

debian

CVE-2025-14327HIGHCVSS 7.5fixed in firefox 146.0-1 (sid)2025

CVE-2025-14327 [HIGH] CVE-2025-14327: firefox - Spoofing issue in the Downloads Panel component. This vulnerability affects Fire... Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7. Scope: local sid: resolved (fixed in 146.0-1)

debian

CVE-2025-13018HIGHCVSS 8.1fixed in firefox 145.0-1 (sid)2025

CVE-2025-13018 [HIGH] CVE-2025-13018: firefox - Mitigation bypass in the DOM: Security component. This vulnerability affects Fir... Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. Scope: local sid: resolved (fixed in 145.0-1)

debian

CVE-2025-8039HIGHCVSS 8.1fixed in firefox 141.0-1 (sid)2025

CVE-2025-8039 [HIGH] CVE-2025-8039: firefox - In some cases search terms persisted in the URL bar even after navigating away f... In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. Scope: local sid: resolved (fixed in 141.0-1)

debian

CVE-2025-11715HIGHCVSS 8.8fixed in firefox 144.0-1 (sid)2025

CVE-2025-11715 [HIGH] CVE-2025-11715: firefox - Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox ... Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4

debian

CVE-2025-5270HIGHCVSS 7.5fixed in firefox 139.0-1 (sid)2025

CVE-2025-5270 [HIGH] CVE-2025-5270: firefox - In certain cases, SNI could have been sent unencrypted even when encrypted DNS w... In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139 and Thunderbird < 139. Scope: local sid: resolved (fixed in 139.0-1)

debian

CVE-2025-13012HIGHCVSS 7.5fixed in firefox 145.0-1 (sid)2025

CVE-2025-13012 [HIGH] CVE-2025-13012: firefox - Race condition in the Graphics component. This vulnerability affects Firefox < 1... Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. Scope: local sid: resolved (fixed in 145.0-1)

debian

CVE-2025-1012HIGHCVSS 7.5fixed in firefox 135.0-1 (sid)2025

CVE-2025-1012 [HIGH] CVE-2025-1012: firefox - A race during concurrent delazification could have led to a use-after-free. This... A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Scope: local sid: resolved (fixed in 135.0-1)

debian

CVE-2025-13014HIGHCVSS 8.8fixed in firefox 145.0-1 (sid)2025

CVE-2025-13014 [HIGH] CVE-2025-13014: firefox - Use-after-free in the Audio/Video component. This vulnerability affects Firefox ... Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. Scope: local sid: resolved (fixed in 145.0-1)

debian

CVE-2025-14333HIGHCVSS 8.1fixed in firefox 146.0-1 (sid)2025

CVE-2025-14333 [HIGH] CVE-2025-14333: firefox - Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox ... Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6

debian

CVE-2025-13027HIGHCVSS 8.1fixed in firefox 145.0-1 (sid)2025

CVE-2025-13027 [HIGH] CVE-2025-13027: firefox - Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bug... Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 145 and Thunderbird < 145. Scope: local sid: resolved (fixed in 145.0-1)

debian

← Previous11 / 91Next →