Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown
CRITICAL: 333, HIGH: 633, MEDIUM: 542, LOW: 302
Vulnerabilities
Page 12 of 91
CVE-2025-1936 | HIGH | CVSS 7.3 | fixed in firefox 136.0-1 (sid) | 2025
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firef
CVE-2025-9185 | HIGH | CVSS 8.1 | fixed in firefox 142.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, F
CVE-2025-4091 | HIGH | CVSS 8.1 | fixed in firefox 138.0-1 (sid) | 2025
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.
S
CVE-2025-1931 | HIGH | CVSS 7.5 | fixed in firefox 136.0-1 (sid) | 2025
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Scope: local
sid: resolved (fixed in 136.0-1)
CVE-2025-14332 | HIGH | CVSS 7.3 | fixed in firefox 146.0-1 (sid) | 2025
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Thunderbird < 146.
Scope: local
sid: resolved (fixed in 146.0-1)
CVE-2025-9183 | MEDIUM | CVSS 6.5 | fixed in firefox 142.0-1 (sid) | 2025
Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2.
Scope: local
sid: resolved (fixed in 142.0-1)
CVE-2025-3035 | MEDIUM | CVSS 5.3 | fixed in firefox 137.0-1 (sid) | 2025
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.
Scope: local
sid: resolved (fixed in 137.0-1)
CVE-2025-1414 | MEDIUM | CVSS 6.5 | fixed in firefox 135.0.1-1 (sid) | 2025
Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135.0.1.
Scope: local
sid: resolved (fixed in 135.0.1-1)
CVE-2025-3031 | MEDIUM | CVSS 6.5 | fixed in firefox 137.0-1 (sid) | 2025
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.
Scope: local
sid: resolved (fixed in 137.0-1)
CVE-2025-0239 | MEDIUM | CVSS 4.0 | fixed in firefox 134.0-1 (sid) | 2025
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local
sid: resolved (fixed in 134.0-1)
CVE-2025-0237 | MEDIUM | CVSS 5.4 | fixed in firefox 134.0-1 (sid) | 2025
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local
sid: resolved (fixed in 134.
CVE-2025-5267 | MEDIUM | CVSS 5.4 | fixed in firefox 139.0-1 (sid) | 2025
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Scope: local
sid: resolved (fixed in 139.0-1)
CVE-2025-10529 | MEDIUM | CVSS 6.5 | fixed in firefox 143.0-1 (sid) | 2025
Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Scope: local
sid: resolved (fixed in 143.0-1)
CVE-2025-4092 | MEDIUM | CVSS 6.5 | fixed in firefox 138.0-1 (sid) | 2025
Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138.
Scope: local
sid: resolved (fixed in 138.0-1)
CVE-2025-4089 | MEDIUM | CVSS 5.1 | fixed in firefox 138.0-1 (sid) | 2025
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138.
Scope: local
sid: resolved (fixed in 138.0-1)
CVE-2025-1013 | MEDIUM | CVSS 6.5 | fixed in firefox 135.0-1 (sid) | 2025
A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Scope: local
sid: resolved (fixed in 135.0-1)
CVE-2025-0238 | MEDIUM | CVSS 5.3 | fixed in firefox 134.0-1 (sid) | 2025
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local
sid: resolved (fixed in 134.0-1)
CVE-2025-1934 | MEDIUM | CVSS 6.5 | fixed in firefox 136.0-1 (sid) | 2025
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Scope: local
sid: resolved (fixed in 136.0-1)
CVE-2025-8033 | MEDIUM | CVSS 6.5 | fixed in firefox 141.0-1 (sid) | 2025
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scope: local
sid: resolved (fixed in 141.0-1)
CVE-2025-4088 | MEDIUM | CVSS 6.5 | fixed in firefox 138.0-1 (sid) | 2025
A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.
Scope: local
sid: resolved (fixed in 138.0-