Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
CVE-2016-5255 | P3 | HIGH | CVSS 8.8 | fixed in firefox 48.0-1 (sid) | 2016
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
Scope: local
sid: resolved (fixed in 48.0-1)
debian
CVE-2016-5263 | P3 | HIGH | CVSS 8.8 | fixed in firefox 48.0-1 (sid) | 2016
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."
Scope: local
sid: resolved (fixed in 48.0-1)
CVE-2020-15673 | P3 | HIGH | CVSS 8.8 | fixed in firefox 81.0-1 (sid) | 2020
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
Scope: local
sid: resolved (fixed
CVE-2021-23994 | P3 | HIGH | CVSS 8.8 | fixed in firefox 88.0-1 (sid) | 2021
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
CVE-2020-26973 | P3 | HIGH | CVSS 8.8 | fixed in firefox 84.0-1 (sid) | 2020
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Scope: local
sid: resolved (fixed in 84.0-1)
CVE-2020-26960 | P3 | HIGH | CVSS 8.8 | fixed in firefox 83.0-1 (sid) | 2020
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Scope: local
sid: resolved (fixed in 83.0-1)
CVE-2020-26974 | P3 | HIGH | CVSS 8.8 | fixed in firefox 84.0-1 (sid) | 2020
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Scope: local
sid: resolved (fixed in 84.0-1)
CVE-2021-23987 | P3 | HIGH | CVSS 8.8 | fixed in firefox 87.0-1 (sid) | 2021
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
Scope: local
CVE-2021-29989 | P3 | HIGH | CVSS 8.8 | fixed in firefox 91.0-1 (sid) | 2021
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
Scope: local
sid: resolved (fix
CVE-2021-29976 | P3 | HIGH | CVSS 8.8 | fixed in firefox 90.0-1 (sid) | 2021
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
Scope: local
sid: re
CVE-2021-38493 | P3 | HIGH | CVSS 8.8 | fixed in firefox 92.0-1 (sid) | 2021
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
Scope: local
sid: resolved (fix
CVE-2017-5469 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)
CVE-2022-1919 | P3 | HIGH | CVSS 8.8 | fixed in firefox 101.0-1 (sid) | 2022
Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
sid: resolved (fixed in 101.0-1)
CVE-2023-6863 | P3 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
CVE-2022-46874 | P3 | HIGH | CVSS 8.8 | fixed in firefox 108.0-1 (sid) | 2022
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. *Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting i
CVE-2022-22751 | P3 | HIGH | CVSS 8.8 | fixed in firefox 96.0-1 (sid) | 2022
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary
CVE-2021-23997 | P3 | HIGH | CVSS 8.8 | fixed in firefox 88.0-1 (sid) | 2021
Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
CVE-2023-32215 | P3 | HIGH | CVSS 8.8 | fixed in firefox 113.0-1 (sid) | 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to r
CVE-2023-28176 | P3 | HIGH | CVSS 8.8 | fixed in firefox 111.0-1 (sid) | 2023
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Scope: local
sid: resolved (fixed in 111.0-1)
CVE-2023-23605 | P3 | HIGH | CVSS 8.8 | fixed in firefox 109.0-1 (sid) | 2023
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.