Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
CVE-2024-11704 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 134.0-1 (sid) | 2024
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.
Scope: local
sid: resolved (

CVE-2024-6604 | P3 | HIGH | CVSS 7.5 | fixed in firefox 128.0-1 (sid) | 2024
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
Scope: local
sid

CVE-2022-34485 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 102.0-1 (sid) | 2022
Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102.
Scope: local
sid: resolved (fixed in

CVE-2022-34476 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 102.0-1 (sid) | 2022
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102.
Scope: local
sid: resolved (fixed in 102.0-1)

CVE-2024-8900 | P3 | HIGH | CVSS 7.5 | fixed in firefox 129.0-1 (sid) | 2024
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.
Scope: local
sid: resolved (fixed in 129.0-1)

CVE-2016-9066 | P3 | HIGH | CVSS 7.5 | fixed in firefox 50.0-1 (sid) | 2016
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Scope: local
sid: resolved (fixed in 50.0-1)

CVE-2018-12363 | P3 | HIGH | CVSS 8.8 | fixed in firefox 61.0-1 (sid) | 2018
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ES

CVE-2024-2615 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 124.0-1 (sid) | 2024
Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.
Scope: local
sid: resolved (fixed in 124.0-1)

CVE-2024-5701 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 127.0-1 (sid) | 2024
Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127.
Scope: local
sid: resolved (fixed in 127.0-1)

CVE-2024-8389 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 130.0-1 (sid) | 2024
Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130.
Scope: local
sid: resolved (fixed in 130.0-1)

CVE-2016-1959 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.
Scope: local
sid: resolved (fixed in 45.0-1)

CVE-2020-12417 | P3 | HIGH | CVSS 8.8 | fixed in firefox 78.0-1 (sid) | 2020
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Scope: local
sid: resolved (fixed in 78.0-1)

CVE-2025-14325 | P3 | HIGH | CVSS 7.3 | fixed in firefox 146.0-1 (sid) | 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)

CVE-2025-14332 | P3 | HIGH | CVSS 7.3 | fixed in firefox 146.0-1 (sid) | 2025
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Thunderbird < 146.
Scope: local
sid: resolved (fixed in 146.0-1)

CVE-2006-5633 | P4 | LOW | CVSS 5.0 | PoC | fixed in firefox 45.0-1 (sid) | 2006
CVE-2006-5633 [MEDIUM] CVE-2006-5633: firefox - Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a ...
Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was poss

CVE-2020-6800 | P3 | HIGH | CVSS 8.8 | fixed in firefox 73.0-1 (sid) | 2020
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because script

CVE-2016-1951 | P3 | HIGH | CVSS 8.6 | fixed in firefox 45.0-1 (sid) | 2016
Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.
Scope: local
sid: resolved (fixed in 45.0-1)

CVE-2020-12422 | P3 | HIGH | CVSS 8.8 | fixed in firefox 78.0-1 (sid) | 2020
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.
Scope: local
sid: resolved (fixed in 78.0-1)

CVE-2020-12420 | P3 | HIGH | CVSS 8.8 | fixed in firefox 78.0-1 (sid) | 2020
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Scope: local
sid: resolved (fixed in 78.0-1)

CVE-2019-11740 | P3 | HIGH | CVSS 8.8 | fixed in firefox 69.0-1 (sid) | 2019
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firef