Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs

1,810

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL333HIGH633MEDIUM542LOW302

Vulnerabilities

Page 2 of 91

CVE-2026-2796CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2796 [CRITICAL] CVE-2026-2796: firefox - JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability ... JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-5731CRITICALCVSS 9.8fixed in firefox 149.0.2-1 (sid)2026

CVE-2026-5731 [CRITICAL] CVE-2026-5731: firefox - Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunder... Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 115.34.1,

debian

CVE-2026-0892CRITICALCVSS 9.8fixed in firefox 147.0-1 (sid)2026

CVE-2026-0892 [CRITICAL] CVE-2026-0892: firefox - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bug... Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147 and Thunderbird < 147. Scope: local sid: resolved (fixed in 147.0-1)

debian

CVE-2026-2780CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2780 [CRITICAL] CVE-2026-2780: firefox - Privilege escalation in the Netmonitor component. This vulnerability affects Fir... Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2766CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2766 [CRITICAL] CVE-2026-2766: firefox - Use-after-free in the JavaScript Engine: JIT component. This vulnerability affec... Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2788CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2788 [CRITICAL] CVE-2026-2788: firefox - Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerabil... Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2782CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2782 [CRITICAL] CVE-2026-2782: firefox - Privilege escalation in the Netmonitor component. This vulnerability affects Fir... Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2784CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2784 [CRITICAL] CVE-2026-2784: firefox - Mitigation bypass in the DOM: Security component. This vulnerability affects Fir... Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-4689CRITICALCVSS 10.0fixed in firefox 149.0-1 (sid)2026

CVE-2026-4689 [CRITICAL] CVE-2026-4689: firefox - Sandbox escape due to incorrect boundary conditions, integer overflow in the XPC... Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-2805CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2805 [CRITICAL] CVE-2026-2805: firefox - Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Fi... Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2758CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2758 [CRITICAL] CVE-2026-2758: firefox - Use-after-free in the JavaScript: GC component. This vulnerability affects Firef... Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2762CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2762 [CRITICAL] CVE-2026-2762: firefox - Integer overflow in the JavaScript: Standard Library component. This vulnerabili... Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2786CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2786 [CRITICAL] CVE-2026-2786: firefox - Use-after-free in the JavaScript Engine component. This vulnerability affects Fi... Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2765CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2765 [CRITICAL] CVE-2026-2765: firefox - Use-after-free in the JavaScript Engine component. This vulnerability affects Fi... Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2781CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2781 [CRITICAL] CVE-2026-2781: firefox - Integer overflow in the Libraries component in NSS. This vulnerability affects F... Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-4696CRITICALCVSS 9.8fixed in firefox 149.0-1 (sid)2026

CVE-2026-4696 [CRITICAL] CVE-2026-4696: firefox - Use-after-free in the Layout: Text and Fonts component. This vulnerability affec... Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-4701CRITICALCVSS 9.8fixed in firefox 149.0-1 (sid)2026

CVE-2026-4701 [CRITICAL] CVE-2026-4701: firefox - Use-after-free in the JavaScript Engine component. This vulnerability affects Fi... Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-2785CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2785 [CRITICAL] CVE-2026-2785: firefox - Invalid pointer in the JavaScript Engine component. This vulnerability affects F... Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-2807CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2807 [CRITICAL] CVE-2026-2807: firefox - Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bug... Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-4724CRITICALCVSS 9.1fixed in firefox 149.0-1 (sid)2026

CVE-2026-4724 [CRITICAL] CVE-2026-4724: firefox - Undefined behavior in the Audio/Video component. This vulnerability affects Fire... Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149 and Thunderbird < 149. Scope: local sid: resolved (fixed in 149.0-1)

debian

← Previous2 / 91Next →