cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333 | HIGH 633 | MEDIUM 542 | LOW 42

Vulnerabilities

Page 14 of 78
CVE-2024-9402 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 131.0-1 (sid) | 2024
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Scope: local; sid
debian
CVE-2016-5275 | P3 | HIGH | CVSS 8.8 | fixed in firefox 49.0-1 (sid) | 2016
Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.
Scope: local; sid: resolved (fixed in 49.0-1)
debian
CVE-2024-8387 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 130.0-1 (sid) | 2024
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Scope: local; sid: resolved (fixed i
debian
CVE-2024-5695 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 127.0-1 (sid) | 2024
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127.
Scope: local; sid: resolved (fixed in 127.0-1)
debian
CVE-2026-2805 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Scope: local; sid: resolved (fixed in 148.0-1)
debian
CVE-2025-6433 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 140.0-1 (sid) | 2025
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140 and Thunderbird < 140.
Scope: loca
debian
CVE-2016-9063 | P3 | CRITICAL | CVSS 9.8 | fixed in expat 2.2.0-2 (bookworm) | 2016
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
Scope: local; bookworm: resolved (fixed in 2.2.0-2); bullseye: resolved (fixed in 2.2.0-2); forky: resolved (fixed in 2.2.0-2); sid: resolved (fixed in 2.2.0-2); trixie: resolved (fixed in 2.2.0-2)
debian
CVE-2020-15678 | P3 | HIGH | CVSS 8.8 | fixed in firefox 81.0-1 (sid) | 2020
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
Scope: local; sid: reso
debian
CVE-2019-11759 | P3 | HIGH | CVSS 8.8 | fixed in firefox 70.0-1 (sid) | 2019
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Scope: local; sid: resolved (fixed in 70.0-1)
debian
CVE-2017-5448 | P3 | HIGH | CVSS 8.6 | fixed in firefox 52.0.1-1 (sid) | 2017
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerabi
debian
CVE-2018-18493 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 64.0-1 (sid) | 2018
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Scope: local; sid: resolved (fixed in 64.0-1)
debian
CVE-2023-6861 | P3 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local; sid: resolved (fixed in 121.0-1)
debian
CVE-2025-0242 | P3 | MEDIUM | CVSS 6.5 | fixed in firefox 134.0-1 (sid) | 2025
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firef
debian
CVE-2020-6822 | P3 | HIGH | CVSS 8.8 | fixed in firefox 75.0-1 (sid) | 2020
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
Scope: local; sid: resolved (fixed in 75.0-1)
debian
CVE-2024-0750 | P3 | HIGH | CVSS 8.8 | fixed in firefox 122.0-1 (sid) | 2024
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Scope: local; sid: resolved (fixed in 122.0-1)
debian
CVE-2023-6208 | P3 | HIGH | CVSS 8.8 | fixed in firefox 120.0-1 (sid) | 2023
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local; sid: resolved (fixed in 120.0-1)
debian
CVE-2023-4584 | P3 | HIGH | CVSS 8.8 | fixed in firefox 117.0-1 (sid) | 2023
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Th
debian
CVE-2024-11699 | P3 | HIGH | CVSS 8.8 | fixed in firefox 133.0-1 (sid) | 2024
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Scope: local; sid:
debian
CVE-2023-25729 | P3 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbir
debian
CVE-2024-0751 | P3 | HIGH | CVSS 8.8 | fixed in firefox 122.0-1 (sid) | 2024
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Scope: local; sid: resolved (fixed in 122.0-1)
debian