Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
CVE-2017-7785 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Scope: local
sid: resolved (fixed in 55.0-1)

CVE-2023-6866 | P3 | HIGH | CVSS 8.8 | fixed in firefox 121.0-1 (sid) | 2023
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)

CVE-2018-12393 | P3 | HIGH | CVSS 7.5 | fixed in firefox 63.0-1 (sid) | 2018
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox E

CVE-2023-6213 | P3 | HIGH | CVSS 8.8 | fixed in firefox 120.0-1 (sid) | 2023
Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.
Scope: local
sid: resolved (fixed in 120.0-1)

CVE-2022-46883 | P3 | HIGH | CVSS 8.8 | fixed in firefox 107.0-1 (sid) | 2022
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. *Note*: This advisory was added on December 13th, 2022 after

CVE-2022-28284 | P3 | HIGH | CVSS 8.8 | fixed in firefox 99.0-1 (sid) | 2022
SVG's <use> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox < 99.
Scope: local
sid: resolve

CVE-2023-29551 | P3 | HIGH | CVSS 8.8 | fixed in firefox 112.0-1 (sid) | 2023
Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Scope: local
sid: resolved (fixed in 112.0-1)

CVE-2024-6615 | P3 | HIGH | CVSS 8.8 | fixed in firefox 128.0-1 (sid) | 2024
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)

CVE-2016-5256 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 49.0-1 (sid) | 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Scope: local
sid: resolved (fixed in 49.0-1)

CVE-2017-5400 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0-1 (sid) | 2017
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Scope: local
sid: resolved (fixed in 52.0-1)

CVE-2019-11716 | P3 | HIGH | CVSS 8.3 | fixed in firefox 68.0-1 (sid) | 2019
Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68.
Scope: local

CVE-2018-5154 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 60.0-1 (sid) | 2018
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Scope: local
sid: resolved (fixed in 60.0-1)

CVE-2017-5376 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 51.0-1 (sid) | 2017
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Scope: local
sid: resolved (fixed in 51.0-1)

CVE-2018-12390 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 63.0-1 (sid) | 2018
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
Scope: loc

CVE-2018-12405 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 64.0-1 (sid) | 2018
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Scope: loc

CVE-2018-5150 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 60.0-1 (sid) | 2018
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Scope: local

CVE-2017-5435 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)

CVE-2017-5432 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)

CVE-2017-5446 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)

CVE-2018-5099 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)