Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
CVE-2022-38478 | P3 | HIGH | CVSS 8.8 | fixed in firefox 104.0-1 (sid) | 2022
Members of the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR <
debian
CVE-2022-26381 | P3 | HIGH | CVSS 8.8 | fixed in firefox 98.0-1 (sid) | 2022
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
Scope: local
sid: resolved (fixed in 98.0-1)
debian
CVE-2023-6212 | P3 | HIGH | CVSS 8.8 | fixed in firefox 120.0-1 (sid) | 2023
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local
sid: resolved (fixed in
debian
CVE-2022-45409 | P3 | HIGH | CVSS 8.8 | fixed in firefox 107.0-1 (sid) | 2022
The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Scope: local
sid: resolved (fixed in 107.0-1)
debian
CVE-2024-0755 | P3 | HIGH | CVSS 8.8 | fixed in firefox 122.0-1 (sid) | 2024
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Scope: local
sid: resolved (fixed in 12
debian
CVE-2023-32207 | P3 | HIGH | CVSS 8.8 | fixed in firefox 113.0-1 (sid) | 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local
sid: resolved (fixed in 113.0-1)
debian
CVE-2023-37201 | P3 | HIGH | CVSS 8.8 | fixed in firefox 115.0-1 (sid) | 2023
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Scope: local
sid: resolved (fixed in 115.0-1)
debian
CVE-2023-37211 | P3 | HIGH | CVSS 8.8 | fixed in firefox 115.0-1 (sid) | 2023
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Scope: local
sid: resolved (fixed
debian
CVE-2023-4585 | P3 | HIGH | CVSS 8.8 | fixed in firefox 117.0-1 (sid) | 2023
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Scope: local
sid: resolved (fixed in 11
debian
CVE-2026-0880 | P3 | HIGH | CVSS 8.8 | fixed in firefox 147.0-1 (sid) | 2026
Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2024-6607 | P3 | HIGH | CVSS 8.8 | fixed in firefox 128.0-1 (sid) | 2024
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a ` ` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)
debian
CVE-2023-25731 | P3 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-3600 | P3 | HIGH | CVSS 8.8 | fixed in firefox 115.0.2-1 (sid) | 2023
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
Scope: local
sid: resolved (fixed in 115.0.2-1)
debian
CVE-2024-4777 | P3 | HIGH | CVSS 8.8 | fixed in firefox 126.0-1 (sid) | 2024
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Scope: local
sid: resolved (fixed i
debian
CVE-2024-7528 | P3 | HIGH | CVSS 8.8 | fixed in firefox 129.0-1 (sid) | 2024
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Scope: local
sid: resolved (fixed in 129.0-1)
debian
CVE-2025-1010 | P3 | HIGH | CVSS 8.8 | fixed in firefox 135.0-1 (sid) | 2025
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Scope: local
sid: resolved (fixed in 135.0-1)
debian
CVE-2016-5270 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 49.0-1 (sid) | 2016
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.
debian
CVE-2026-5733 | P3 | HIGH | CVSS 8.8 | fixed in firefox 149.0.2-1 (sid) | 2026
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 149.0.2 and Thunderbird < 149.0.2.
Scope: local
sid: resolved (fixed in 149.0.2-1)
debian
CVE-2026-4690 | P3 | HIGH | CVSS 8.6 | fixed in firefox 149.0-1 (sid) | 2026
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local
sid: resolved (fixed in 149.0-1)
debian
CVE-2018-5156 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 61.0-1 (sid) | 2018
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Scope: local
sid: resolved (fixed in 61
debian