cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 13 of 78
CVE-2019-11693 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 67.0-2 (sid) | 2019
firefox - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox
debian
CVE-2025-3030 | P3 | HIGH | CVSS 8.1 | fixed in firefox 137.0-1 (sid) | 2025
firefox - Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. Sco
debian
CVE-2025-5268 | P3 | HIGH | CVSS 8.1 | fixed in firefox 139.0-1 (sid) | 2025
firefox - Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
debian
CVE-2025-13027 | P3 | HIGH | CVSS 8.1 | fixed in firefox 145.0-1 (sid) | 2025
firefox - Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 145 and Thunderbird < 145. Scope: local; sid: resolved (fixed in 145.0-1)
debian
CVE-2016-2838 | P3 | HIGH | CVSS 8.8 | fixed in firefox 48.0-1 (sid) | 2016
firefox - Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document. Scope: local; sid: resolved (fixed in 48.0-1)
debian
CVE-2016-5278 | P3 | HIGH | CVSS 8.8 | fixed in firefox 49.0-1 (sid) | 2016
firefox - Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via crafted image data that is mishandled during the encoding of an image frame to an image. Scope: local; sid: resolved (fixed in 49.0-1)
debian
CVE-2016-1968 | P3 | HIGH | CVSS 8.8 | fixed in brotli 0.3.0+dfsg-3 (bookworm) | 2016
brotli - Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. Scope: local; bookworm: resolved (fixed in 0.3.0+dfsg-3); bullseye: resolved (fixed in 0.3.0+dfsg-3); forky: resolved (fixed in 0.3.0+dfsg-3); sid: resolved (fixed in
debian
CVE-2019-11692 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 67.0-2 (sid) | 2019
firefox - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Scope: local; sid: resolved (fixed in 67.0-2)
debian
CVE-2023-5730 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 119.0-1 (sid) | 2023
firefox - Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local; sid: resolved (fixed
debian
CVE-2018-5104 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
firefox - A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)
debian
CVE-2018-5102 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
firefox - A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)
debian
CVE-2022-34470 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 102.0-1 (sid) | 2022
firefox - Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Scope: local; sid: resolved (fixed in 102.0-1)
debian
CVE-2022-31736 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 101.0-1 (sid) | 2022
firefox - A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local; sid: resolved (fixed in 101.0-1)
debian
CVE-2022-46882 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 107.0-1 (sid) | 2022
firefox - A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. Scope: local; sid: resolved (fixed in 107.0-1)
debian
CVE-2023-4056 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 116.0-1 (sid) | 2023
firefox - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 1
debian
CVE-2024-5699 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 127.0-1 (sid) | 2024
firefox - In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127. Scope: local; sid: resolved (fixed in 1
debian
CVE-2024-8384 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 130.0-1 (sid) | 2024
firefox - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Scope: local; sid: resolved (fixed in 130.0-1)
debian
CVE-2024-6611 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 128.0-1 (sid) | 2024
firefox - A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128. Scope: local; sid: resolved (fixed in 128.0-1)
debian
CVE-2024-9393 | P3 | HIGH | CVSS 7.5 | fixed in firefox 131.0-1 (sid) | 2024
firefox - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability aff
debian
CVE-2025-49710 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 139.0.4-1 (sid) | 2025
firefox - An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability affects Firefox < 139.0.4. Scope: local; sid: resolved (fixed in 139.0.4-1)
debian