cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 23 of 78
CVE-2022-38473 | P3 | HIGH | CVSS 8.8 | fixed in firefox 104.0-1 (sid) | 2022
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Scope: local; sid: resolved (fixed in 104.0-1)
debian
CVE-2023-28161 | P3 | HIGH | CVSS 8.8 | fixed in firefox 111.0-1 (sid) | 2023
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111.
debian
CVE-2024-7522 | P3 | HIGH | CVSS 8.8 | fixed in firefox 129.0-1 (sid) | 2024
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Scope: local; sid: resolved (fixed in 129.0-1)
debian
CVE-2024-4770 | P3 | HIGH | CVSS 8.8 | fixed in firefox 126.0-1 (sid) | 2024
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Scope: local; sid: resolved (fixed in 126.0-1)
debian
CVE-2023-4047 | P3 | HIGH | CVSS 8.8 | fixed in firefox 116.0-1 (sid) | 2023
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local; sid: resolved (fixed in 116.0-1)
debian
CVE-2023-37209 | P3 | HIGH | CVSS 8.8 | fixed in firefox 115.0-1 (sid) | 2023
A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.
Scope: local; sid: resolved (fixed in 115.0-1)
debian
CVE-2024-9400 | P3 | HIGH | CVSS 8.8 | fixed in firefox 131.0-1 (sid) | 2024
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Scope: local; sid: resolved (fixed in 131.0-1)
debian
CVE-2017-5455 | P3 | HIGH | CVSS 7.5 | fixed in firefox 52.0.1-1 (sid) | 2017
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
Scope: local; sid: resolved (fixed in 52.0.1-1)
debian
CVE-2017-7824 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Scope: local; sid: resolved (fixed
debian
CVE-2017-5434 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local; sid: resolved (fixed in 52.0.1-1)
debian
CVE-2017-5433 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local; sid: resolved (fixed in
debian
CVE-2017-5439 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local; sid: resolved (fixed in 52.0.1-1)
debian
CVE-2017-7784 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Scope: local; sid: resolved (fixed in 55.0-1)
debian
CVE-2016-9898 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 50.1.0-1 (sid) | 2016
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Scope: local; sid: resolved (fixed in 50.1.0-1)
debian
CVE-2018-18501 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 65.0-1 (sid) | 2018
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
Scope: loc
debian
CVE-2017-5429 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Sco
debian
CVE-2018-12378 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 62.0-1 (sid) | 2018
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Scope: local; sid: resolved (fixed in 62.0-1)
debian
CVE-2018-12377 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 62.0-1 (sid) | 2018
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Scope: local; sid: resolved (fixed in 62.0-1)
debian
CVE-2017-7792 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Scope: local; sid: resolved (fixed in 55.0-1)
debian
CVE-2017-5380 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 51.0-1 (sid) | 2017
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Scope: local; sid: resolved (fixed in 51.0-1)
debian