cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 18 of 78
CVE-2026-24869 | P3 | HIGH | CVSS 8.8 | fixed in firefox 147.0.2-1 (sid) | 2026
firefox: Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2. Scope: local; sid: resolved (fixed in 147.0.2-1)
debian
CVE-2018-5094 | P3 | HIGH | CVSS 7.5 | fixed in firefox 58.0-1 (sid) | 2018
firefox: A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)
debian
CVE-2026-4687 | P3 | HIGH | CVSS 8.6 | fixed in firefox 149.0-1 (sid) | 2026
firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2017-5460 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
firefox: A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local; sid: resolved (fixed in 52.0.1-1)
debian
CVE-2017-5428 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
firefox: An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
debian
CVE-2020-15683 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 82.0-1 (sid) | 2020
firefox: Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. Scope: l
debian
CVE-2024-1553 | P3 | HIGH | CVSS 8.1 | fixed in firefox 123.0-1 (sid) | 2024
firefox: Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Scope: local; sid: resolved (fixed in 12
debian
CVE-2016-5287 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 50.0-1 (sid) | 2016
firefox: A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2. Scope: local; sid: resolved (fixed in 50.0-1)
debian
CVE-2019-9796 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 66.0-1 (sid) | 2019
firefox: A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerabil
debian
CVE-2019-9790 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 66.0-1 (sid) | 2019
firefox: A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Scope: local; sid: resolved (fixed in 66.0-1)
debian
CVE-2019-9795 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 66.0-1 (sid) | 2019
firefox: A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Scope: local; sid: resolved (fixed in 66.0-1)
debian
CVE-2019-9819 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 67.0-2 (sid) | 2019
firefox: A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Scope: local; sid: resolved (fixed in 67.0-2)
debian
CVE-2019-9820 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 67.0-2 (sid) | 2019
firefox: A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Scope: local; sid: resolved (fixed in 67.0-2)
debian
CVE-2022-45406 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 107.0-1 (sid) | 2022
firefox: If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local; sid: resolved (fixed in 107.0-
debian
CVE-2022-31747 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 101.0-1 (sid) | 2022
firefox: Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10,
debian
CVE-2016-5258 | P3 | HIGH | CVSS 8.8 | fixed in firefox 48.0-1 (sid) | 2016
firefox: Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session. Scope: local; sid: resolved (fixed in 48.0-1)
debian
CVE-2023-4057 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 116.0-1 (sid) | 2023
firefox: Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. Scope: local; sid: resolved (fixed i
debian
CVE-2016-2828 | P3 | HIGH | CVSS 8.8 | fixed in firefox 47.0-1 (sid) | 2016
firefox: Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. Scope: local; sid: resolved (fixed in 47.0-1)
debian
CVE-2022-26384 | P3 | CRITICAL | CVSS 9.6 | fixed in firefox 98.0-1 (sid) | 2022
firefox: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Scope: local; sid: resolved (fixed in 98.0-1)
debian
CVE-2024-7519 | P3 | CRITICAL | CVSS 9.6 | fixed in firefox 129.0-1 (sid) | 2024
firefox: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Scope: local; sid: resolved (fixed in 129.0-1)
debian