Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs
1,550
CISA KEV
11
actively exploited
Public exploits
39
Exploited in wild
20
Severity breakdown
CRITICAL333HIGH633MEDIUM542LOW42
Vulnerabilities
Page 2 of 78
CVE-2024-4367P2HIGHCVSS 8.8PoCfixed in firefox 126.0-1 (sid)2024
CVE-2024-4367 [HIGH] CVE-2024-4367: firefox - A type check was missing when handling fonts in PDF.js, which would allow arbitr...
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Scope: local
sid: resolved (fixed in 126.0-1)
debian
CVE-2020-26950P2HIGHCVSS 8.8PoCfixed in firefox 82.0.3-1 (sid)2020
CVE-2020-26950 [HIGH] CVE-2020-26950: firefox - In certain circumstances, the MCallGetProperty opcode can be emitted with unmet ...
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
Scope: local
sid: resolved (fixed in 82.0.3-1)
debian
CVE-2019-9791P2CRITICALCVSS 9.8PoCfixed in firefox 66.0-1 (sid)2019
CVE-2019-9791 [CRITICAL] CVE-2019-9791: firefox - The type inference system allows the compilation of functions that can cause typ...
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vu
debian
CVE-2017-5375P2CRITICALCVSS 9.8PoCfixed in firefox 51.0-1 (sid)2017
CVE-2017-5375 [CRITICAL] CVE-2017-5375: firefox - JIT code allocation can allow for a bypass of ASLR and DEP protections leading t...
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Scope: local
sid: resolved (fixed in 51.0-1)
debian
CVE-2016-2819P2HIGHCVSS 8.8PoCfixed in firefox 47.0-1 (sid)2016
CVE-2016-2819 [HIGH] CVE-2016-2819: firefox - Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x b...
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
Scope: local
sid: resolved (fixed in 47.0-1)
debian
CVE-2016-9899P2CRITICALCVSS 9.8PoCfixed in firefox 50.1.0-1 (sid)2016
CVE-2016-9899 [CRITICAL] CVE-2016-9899: firefox - Use-after-free while manipulating DOM events and removing audio elements due to ...
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Scope: local
sid: resolved (fixed in 50.1.0-1)
debian
CVE-2018-5159P2CRITICALCVSS 9.8PoCfixed in firefox 60.0-1 (sid)2018
CVE-2018-5159 [CRITICAL] CVE-2018-5159: firefox - An integer overflow can occur in the Skia library due to 32-bit integer use in a...
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Scope: local
debian
CVE-2016-1960P2HIGHCVSS 8.8PoCfixed in firefox 45.0-1 (sid)2016
CVE-2016-1960 [HIGH] CVE-2016-1960: firefox - Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in ...
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
Scope: local
sid: resolved (fix
debian
CVE-2017-5447P2CRITICALCVSS 9.1PoCfixed in firefox 52.0.1-1 (sid)2017
CVE-2017-5447 [CRITICAL] CVE-2017-5447: firefox - An out-of-bounds read during the processing of glyph widths during text layout. ...
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)
debian
CVE-2017-5404P2CRITICALCVSS 9.8PoCfixed in firefox 52.0-1 (sid)2017
CVE-2017-5404 [CRITICAL] CVE-2017-5404: firefox - A use-after-free error can occur when manipulating ranges in selections with one...
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Scope: local
sid: resolved (fixed in 52.0-1)
debian
CVE-2017-5465P2CRITICALCVSS 9.1PoCfixed in firefox 52.0.1-1 (sid)2017
CVE-2017-5465 [CRITICAL] CVE-2017-5465: firefox - An out-of-bounds read while processing SVG content in "ConvolvePixel". This resu...
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)
debian
CVE-2019-9792P2CRITICALCVSS 9.8PoCfixed in firefox 66.0-1 (sid)2019
CVE-2019-9792 [CRITICAL] CVE-2019-9792: firefox - The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT ...
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Scope: local
sid: res
debian
CVE-2018-6126P2HIGHCVSS 8.8PoCfixed in firefox 60.0.2-1 (sid)2018
CVE-2018-6126 [HIGH] CVE-2018-6126: firefox - A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remot...
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Scope: local
sid: resolved (fixed in 60.0.2-1)
debian
CVE-2019-9813P3HIGHCVSS 8.8PoCfixed in firefox 66.0.1-1 (sid)2019
CVE-2019-9813 [HIGH] CVE-2019-9813: firefox - Incorrect handling of __proto__ mutations may lead to type confusion in IonMonke...
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
Scope: local
sid: resolved (fixed in 66.0.1-1)
debian
CVE-2006-0295P3MEDIUMCVSS 5.1PoCfixed in firefox 1.5.dfsg+1.5.0.1-1 (sid)2006
CVE-2006-0295 [MEDIUM] CVE-2006-0295: firefox - Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMo...
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
debian
CVE-2017-7783P3HIGHCVSS 7.5PoCfixed in firefox 55.0-1 (sid)2017
CVE-2017-7783 [HIGH] CVE-2017-7783: firefox - If a long user name is used in a username/password combination in a site URL (su...
If a long user name is used in a username/password combination in a site URL (such as " http://UserName:[email protected]"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55.
Scope: local
sid: resolved (fixed in 55.0-1)
debian
CVE-2006-1993P3HIGHCVSS 5.1PoCfixed in firefox 1.5.dfsg+1.5.0.3-1 (sid)2006
CVE-2006-1993 [MEDIUM] CVE-2006-1993: firefox - Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to ...
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in
debian
CVE-2024-29943P2CRITICALCVSS 9.8fixed in firefox 124.0.1-1 (sid)2024
CVE-2024-29943 [CRITICAL] CVE-2024-29943: firefox - An attacker was able to perform an out-of-bounds read or write on a JavaScript o...
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
Scope: local
sid: resolved (fixed in 124.0.1-1)
debian
CVE-2023-6856P2HIGHCVSS 8.8fixed in firefox 121.0-1 (sid)2023
CVE-2023-6856 [HIGH] CVE-2023-6856: firefox - The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overfl...
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2017-5415P3MEDIUMCVSS 5.3PoCfixed in firefox 52.0-1 (sid)2017
CVE-2017-5415 [MEDIUM] CVE-2017-5415: firefox - An attack can use a blob URL and script to spoof an arbitrary addressbar URL pre...
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
Scope: local
sid: resolved (fixed in 52.0-1)
debian