Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
Page 28 of 78
CVE-2018-5103 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)
debian
CVE-2017-5441 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)
debian
CVE-2018-5148 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 59.0.2-1 (sid) | 2018
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.
Scope: local
sid: resolved (fixed in 59.0.2-1)
debian
CVE-2017-5430 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0
debian
CVE-2017-5402 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0-1 (sid) | 2017
A use-after-free can occur when events are fired for a "FontFace" object after the object has already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Scope: local
sid: resolved (fixed in 52.0-1)
debian
CVE-2024-2608 | P3 | HIGH | CVSS 8.4 | fixed in firefox 124.0-1 (sid) | 2024
`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Scope: local
sid: resolved (fixed in 124.0-1)
debian
CVE-2017-7750 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 54.0-1 (sid) | 2017
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Scope: local
sid: resolved (fixed in 54.0-1)
debian
CVE-2017-7802 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Scope: local
sid: r
debian
CVE-2018-5166 | P3 | HIGH | CVSS 7.5 | fixed in firefox 60.0-1 (sid) | 2018
WebExtensions can use request redirection and a "filterResponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.
Scope: local
sid: resolved (fixed in 60.0-1)
debian
CVE-2017-7756 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 54.0-1 (sid) | 2017
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Scope: local
sid: resolved (fixed in 54.0-1)
debian
CVE-2017-5442 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)
debian
CVE-2017-5472 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 54.0-1 (sid) | 2017
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Scope: local
sid: resolved (fixed in 54.0-1)
debian
CVE-2025-1943 | P3 | HIGH | CVSS 8.2 | fixed in firefox 136.0-1 (sid) | 2025
Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136.
Scope: local
sid: resolved (fixed in 136.0-1)
debian
CVE-2019-11709 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 68.0-1 (sid) | 2019
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Scope: loc
debian
CVE-2024-1557 | P3 | HIGH | CVSS 8.1 | fixed in firefox 123.0-1 (sid) | 2024
Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123.
Scope: local
sid: resolved (fixed in 123.0-1)
debian
CVE-2019-11713 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 68.0-1 (sid) | 2019
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Scope: local
sid: resolved (fixed in 68.0-1)
debian
CVE-2025-1932 | P3 | HIGH | CVSS 8.1 | fixed in firefox 136.0-1 (sid) | 2025
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only versions 122 and later were affected. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Scope: local
sid: resolved (fixed in 136.0-1)
debian
CVE-2025-9180 | P3 | HIGH | CVSS 8.1 | fixed in firefox 142.0-1 (sid) | 2025
Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Scope: local
sid: resolved (fixed in 142.0-1)
debian
CVE-2025-13017 | P3 | HIGH | CVSS 8.1 | fixed in firefox 145.0-1 (sid) | 2025
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
debian
CVE-2025-13019 | P3 | HIGH | CVSS 8.1 | fixed in firefox 145.0-1 (sid) | 2025
Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
debian