Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
Page 12 of 78
CVE-2018-5127 [HIGH] P3, CVSS 8.8, fixed in firefox 59.0-1 (sid), 2018
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
Scope: local
sid: resolved (fixed in 59.0-1)
CVE-2017-7778 [CRITICAL] P3, CVSS 9.8, fixed in firefox 54.0-1 (sid), 2017
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Scope: local
sid: resolved (fixed in 54.0-1)
CVE-2016-5281 [CRITICAL] P3, CVSS 9.8, fixed in firefox 49.0-1 (sid), 2016
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
Scope: local
sid: resolved (fixed in 49.0-1)
CVE-2026-2806 [CRITICAL] P3, CVSS 9.1, fixed in firefox 148.0-1 (sid), 2026
Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Scope: local
sid: resolved (fixed in 148.0-1)
CVE-2023-6207 [HIGH] P3, CVSS 8.8, fixed in firefox 120.0-1 (sid), 2023
Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local
sid: resolved (fixed in 120.0-1)
CVE-2023-29541 [HIGH] P3, CVSS 8.8, fixed in firefox 112.0-1 (sid), 2023
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.* This vulnerability affects Firefox < 112, Focus for Andro
CVE-2016-9900 [HIGH] P3, CVSS 7.5, fixed in firefox 50.1.0-1 (sid), 2016
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Scope: local
sid: resolved (fixed in 50.1.0-1)
CVE-2024-7520 [HIGH] P3, CVSS 8.8, fixed in firefox 129.0-1 (sid), 2024
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Scope: local
sid: resolved (fixed in 129.0-1)
CVE-2025-1011 [HIGH] P3, CVSS 8.8, fixed in firefox 135.0-1 (sid), 2025
A bug in WebAssembly code generation could have led to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Scope: local
sid: resolved (fixed in 135.0-1)
CVE-2024-8382 [HIGH] P3, CVSS 8.8, fixed in firefox 130.0-1 (sid), 2024
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulner
CVE-2026-2769 [HIGH] P3, CVSS 8.8, fixed in firefox 148.0-1 (sid), 2026
Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local
sid: resolved (fixed in 148.0-1)
CVE-2026-0882 [HIGH] P3, CVSS 8.8, fixed in firefox 147.0-1 (sid), 2026
Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
CVE-2018-5163 [HIGH] P3, CVSS 8.1, fixed in firefox 60.0-1 (sid), 2018
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping
CVE-2025-14323 [HIGH] P3, CVSS 8.8, fixed in firefox 146.0-1 (sid), 2025
Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)
CVE-2024-5696 [HIGH] P3, CVSS 8.6, fixed in firefox 127.0-1 (sid), 2024
By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Scope: local
sid: resolved (fixed in 127.0-1)
CVE-2025-13014 [HIGH] P3, CVSS 8.8, fixed in firefox 145.0-1 (sid), 2025
Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
CVE-2025-13020 [HIGH] P3, CVSS 8.8, fixed in firefox 145.0-1 (sid), 2025
Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
CVE-2024-4771 [HIGH] P3, CVSS 8.6, fixed in firefox 126.0-1 (sid), 2024
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.
Scope: local
sid: resolved (fixed in 126.0-1)
CVE-2025-11152 [HIGH] P3, CVSS 8.6, fixed in firefox 143.0.3-1 (sid), 2025
Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143.0.3.
Scope: local
sid: resolved (fixed in 143.0.3-1)
CVE-2018-5122 [CRITICAL] P3, CVSS 9.8, fixed in firefox 58.0-1 (sid), 2018
A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)