Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
Page 24 of 78
CVE-2018-5098 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
CVE-2018-5098 [CRITICAL] CVE-2018-5098: firefox - A use-after-free vulnerability can occur when form input elements, focus, and se...
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)
debian
CVE-2018-12395 | P3 | HIGH | CVSS 7.5 | fixed in firefox 63.0-1 (sid) | 2018
CVE-2018-12395 [HIGH] CVE-2018-12395: firefox - By rewriting the Host: request headers using the webRequest API, a WebExtension ...
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Scope: local
sid: resolved (fixed in 63.0-1)
debian
CVE-2006-1730 | P3 | HIGH | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
CVE-2006-1730 [CRITICAL] CVE-2006-1730: firefox - Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x...
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)
debian
CVE-2017-7800 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
CVE-2017-7800 [CRITICAL] CVE-2017-7800: firefox - A use-after-free vulnerability can occur in WebSockets when the object holding t...
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Scope: local
sid: resolved (fixed in 55.0-1)
debian
CVE-2018-5115 | P3 | HIGH | CVSS 7.5 | fixed in firefox 58.0-1 (sid) | 2018
CVE-2018-5115 [HIGH] CVE-2018-5115: firefox - If an HTTP authentication prompt is triggered by a background network request fr...
If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private cred
debian
CVE-2017-7749 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 54.0-1 (sid) | 2017
CVE-2017-7749 [CRITICAL] CVE-2017-7749: firefox - A use-after-free vulnerability when using an incorrect URL during the reloading ...
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Scope: local
sid: resolved (fixed in 54.0-1)
debian
CVE-2020-12395 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 76.0-1 (sid) | 2020
CVE-2020-12395 [CRITICAL] CVE-2020-12395: firefox - Mozilla developers and community members reported memory safety bugs present in ...
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Scope:
debian
CVE-2019-9788 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 66.0-1 (sid) | 2019
CVE-2019-9788 [CRITICAL] CVE-2019-9788: firefox - Mozilla developers and community members reported memory safety bugs present in ...
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox
debian
CVE-2006-1728 | P3 | HIGH | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
CVE-2006-1728 [CRITICAL] CVE-2006-1728: firefox - Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)
debian
CVE-2026-0877 | P3 | HIGH | CVSS 8.1 | fixed in firefox 147.0-1 (sid) | 2026
CVE-2026-0877 [HIGH] CVE-2026-0877: firefox - Mitigation bypass in the DOM: Security component. This vulnerability affects Fir...
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2026-4718 | P3 | HIGH | CVSS 8.1 | fixed in firefox 149.0-1 (sid) | 2026
CVE-2026-4718 [HIGH] CVE-2026-4718: firefox - Undefined behavior in the WebRTC: Signaling component. This vulnerability affect...
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local
sid: resolved (fixed in 149.0-1)
debian
CVE-2019-9800 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 67.0-2 (sid) | 2019
CVE-2019-9800 [CRITICAL] CVE-2019-9800: firefox - Mozilla developers and community members reported memory safety bugs present in ...
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR <
debian
CVE-2017-5403 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0-1 (sid) | 2017
CVE-2017-5403 [CRITICAL] CVE-2017-5403: firefox - When adding a range to an object in the DOM, it is possible to use "addRange" to...
When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52.
Scope: local
sid: resolved (fixed in 52.0-1)
debian
CVE-2019-11691 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 67.0-2 (sid) | 2019
CVE-2019-11691 [CRITICAL] CVE-2019-11691: firefox - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) ...
A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
Scope: local
sid: resolved (fixed in 67.0-2)
debian
CVE-2019-11733 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 68.0.2-1 (sid) | 2019
CVE-2019-11733 [CRITICAL] CVE-2019-11733: firefox - When a master password is set, it is required to be entered again before stored ...
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same sess
debian
CVE-2016-2796 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
CVE-2016-2796 [HIGH] CVE-2016-2796: firefox - Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in...
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
CVE-2006-6504 | P3 | HIGH | CVSS 9.3 | fixed in firefox 45.0-1 (sid) | 2006
CVE-2006-6504 [CRITICAL] CVE-2006-6504: firefox - Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1...
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
CVE-2017-5444 | P3 | HIGH | CVSS 7.5 | fixed in firefox 52.0.1-1 (sid) | 2017
CVE-2017-5444 [HIGH] CVE-2017-5444: firefox - A buffer overflow vulnerability while parsing "application/http-index-format" fo...
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)
debian
CVE-2021-4129 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 95.0-1 (sid) | 2021
CVE-2021-4129 [CRITICAL] CVE-2021-4129: firefox - Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele ...
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability
debian
CVE-2022-29917 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 100.0-1 (sid) | 2022
CVE-2022-29917 [CRITICAL] CVE-2022-29917: firefox - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla...
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird <
debian