Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 actively exploited
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
Page 15 of 78
CVE-2024-10467 | P3 | HIGH | CVSS 8.8 | fixed in firefox 132.0-1 (sid) | 2024
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Scope: local
sid:
debian
CVE-2016-5274 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 49.0-1 (sid) | 2016
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.
Scope: local
sid: resolved (fixed in 49.0-1)
debian
CVE-2024-7521 | P3 | HIGH | CVSS 8.8 | fixed in firefox 129.0-1 (sid) | 2024
Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Scope: local
sid: resolved (fixed in 129.0-1)
debian
CVE-2024-7527 | P3 | HIGH | CVSS 8.8 | fixed in firefox 129.0-1 (sid) | 2024
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Scope: local
sid: resolved (fixed in 129.0-1)
debian
CVE-2018-12392 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 63.0-1 (sid) | 2018
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
Scope: local
sid: resolved (fixed in 63.0-1)
debian
CVE-2025-6432 | P3 | HIGH | CVSS 8.6 | fixed in firefox 140.0-1 (sid) | 2025
When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.
Scope: local
sid: resolved (fixed in 140.0-1)
debian
CVE-2024-2612 | P3 | HIGH | CVSS 8.1 | fixed in firefox 124.0-1 (sid) | 2024
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Scope: local
sid: resolved (fixed in 124.0-1)
debian
CVE-2024-3864 | P3 | HIGH | CVSS 8.1 | fixed in firefox 125.0.1-1 (sid) | 2024
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Scope: local
sid: resolved (fixed in 125.0.1-1)
debian
CVE-2018-12369 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 61.0-1 (sid) | 2018
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.
Scope: local
sid: resolved (fixed in 61.0-1)
debian
CVE-2025-4091 | P3 | HIGH | CVSS 8.1 | fixed in firefox 138.0-1 (sid) | 2025
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.
S
debian
CVE-2025-6435 | P3 | HIGH | CVSS 8.1 | fixed in firefox 140.0-1 (sid) | 2025
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox < 140 and Thunderbird < 140.
Scope: local
sid: resolved (fixed in 140.0-1)
debian
CVE-2017-7821 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.
Scope: local
sid
debian
CVE-2023-4050 | P3 | HIGH | CVSS 7.5 | fixed in firefox 116.0-1 (sid) | 2023
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local
sid: resolved (fixed in 116.0-1)
debian
CVE-2019-11714 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 68.0-1 (sid) | 2019
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68.
Scope: local
sid: resolved (fixed in 68.0-1)
debian
CVE-2020-6815 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 74.0-1 (sid) | 2020
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74.
Scope: local
sid: resolved (fixed in 74.0-1)
debian
CVE-2023-5176 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 118.0-1 (sid) | 2023
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Scope: local
sid: resolved (fixed i
debian
CVE-2022-31737 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 101.0-1 (sid) | 2022
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Scope: local
sid: resolved (fixed in 101.0-1)
debian
CVE-2023-5172 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 118.0-1 (sid) | 2023
A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118.
Scope: local
sid: resolved (fixed in 118.0-1)
debian
CVE-2016-5259 | P3 | HIGH | CVSS 8.8 | fixed in firefox 48.0-1 (sid) | 2016
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
Scope: local
sid: resolved (fixed in 48.0-1)
debian
CVE-2016-5252 | P3 | HIGH | CVSS 8.8 | fixed in firefox 48.0-1 (sid) | 2016
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.
Scope: local
sid: resolved (fixed in 48.0-1)
debian