cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 22 of 78
CVE-2020-15667 | P3 | HIGH | CVSS 8.8 | fixed in firefox 80.0-1 (sid) | 2020
CVE-2020-15667 [HIGH] firefox - When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. Scope: local s
debian
CVE-2021-43539 | P3 | HIGH | CVSS 8.8 | fixed in firefox 95.0-1 (sid) | 2021
CVE-2021-43539 [HIGH] firefox - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local sid: resolved (fixed in
debian
CVE-2021-23978 | P3 | HIGH | CVSS 8.8 | fixed in firefox 86.0-1 (sid) | 2021
CVE-2021-23978 [HIGH] firefox - Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. Scope: local sid: resolved (fixed
debian
CVE-2020-15656 | P3 | HIGH | CVSS 8.8 | fixed in firefox 79.0-1 (sid) | 2020
CVE-2020-15656 [HIGH] firefox - JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Scope: local sid: resolved (fixed in 79.0-1)
debian
CVE-2020-26968 | P3 | HIGH | CVSS 8.8 | fixed in firefox 83.0-1 (sid) | 2020
CVE-2020-26968 [HIGH] firefox - Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local sid: resolved (fixed
debian
CVE-2020-35113 | P3 | HIGH | CVSS 8.8 | fixed in firefox 84.0-1 (sid) | 2020
CVE-2020-35113 [HIGH] firefox - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Scope: local sid: resolved (fixed
debian
CVE-2021-23999 | P3 | HIGH | CVSS 8.8 | fixed in firefox 88.0-1 (sid) | 2021
CVE-2021-23999 [HIGH] firefox - If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Scope: local sid: resolved (fixed in 88.0-1)
debian
CVE-2021-23964 | P3 | HIGH | CVSS 8.8 | fixed in firefox 85.0-1 (sid) | 2021
CVE-2021-23964 [HIGH] firefox - Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Scope: local sid: resolved (fixed
debian
CVE-2021-38500 | P3 | HIGH | CVSS 8.8 | fixed in firefox 93.0-1 (sid) | 2021
CVE-2021-38500 [HIGH] firefox - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefo
debian
CVE-2021-43534 | P3 | HIGH | CVSS 8.8 | fixed in firefox 94.0-1 (sid) | 2021
CVE-2021-43534 [HIGH] firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local
debian
CVE-2021-23960 | P3 | HIGH | CVSS 8.8 | fixed in firefox 85.0-1 (sid) | 2021
CVE-2021-23960 [HIGH] firefox - Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Scope: local sid: resolved (fixed in 85.0-1)
debian
CVE-2023-6859 | P3 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
CVE-2023-6859 [HIGH] firefox - A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Scope: local sid: resolved (fixed in 121.0-1)
debian
CVE-2020-12406 | P3 | HIGH | CVSS 8.8 | fixed in firefox 77.0-1 (sid) | 2020
CVE-2020-12406 [HIGH] firefox - Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Scope: local sid: resolved (fixed in 77.0-1)
debian
CVE-2022-38477 | P3 | HIGH | CVSS 8.8 | fixed in firefox 104.0-1 (sid) | 2022
CVE-2022-38477 [HIGH] firefox - Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Fir
debian
CVE-2022-22761 | P3 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
CVE-2022-22761 [HIGH] firefox - Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local sid: resolved (fixed in 97.0-1)
debian
CVE-2023-25735 | P3 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
CVE-2023-25735 [HIGH] firefox - Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local sid: resolved (fixed in 110.0-1)
debian
CVE-2022-42932 | P3 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
CVE-2022-42932 [HIGH] firefox - Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbi
debian
CVE-2022-22764 | P3 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
CVE-2022-22764 [HIGH] firefox - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR <
debian
CVE-2023-37202 | P3 | HIGH | CVSS 8.8 | fixed in firefox 115.0-1 (sid) | 2023
CVE-2023-37202 [HIGH] firefox - Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Scope: local sid: resolved (fixed in 115.0-1)
debian
CVE-2017-7786 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
CVE-2017-7786 [CRITICAL] firefox - A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)
debian