cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 29 of 78
CVE-2020-6825 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 75.0-1 (sid) | 2020 | debian
CVE-2020-6825 [CRITICAL] firefox - Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR <

CVE-2025-14322 | P3 | HIGH | CVSS 8.0 | fixed in firefox 146.0-1 (sid) | 2025 | debian
CVE-2025-14322 [HIGH] firefox - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local | sid: resolved (fixed in 146.0-1)

CVE-2025-0241 | P3 | HIGH | CVSS 7.7 | fixed in firefox 134.0-1 (sid) | 2025 | debian
CVE-2025-0241 [HIGH] firefox - When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local | sid: resolved (fixed in 134.0-1)

CVE-2018-12362 | P3 | HIGH | CVSS 8.8 | fixed in firefox 61.0-1 (sid) | 2018 | debian
CVE-2018-12362 [HIGH] firefox - An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Scope: local | sid: resolved (fixed in 61.0-1)

CVE-2024-10466 | P3 | HIGH | CVSS 7.5 | fixed in firefox 132.0-1 (sid) | 2024 | debian
CVE-2024-10466 [HIGH] firefox - By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Scope: local | sid: resolved (fixed in 132.0-1)

CVE-2023-5731 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 119.0-1 (sid) | 2023 | debian
CVE-2023-5731 [CRITICAL] firefox - Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.
Scope: local | sid: resolved (fixed in 119.0-1)

CVE-2026-4686 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026 | debian
CVE-2026-4686 [HIGH] firefox - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local | sid: resolved (fixed in 149.0-1)

CVE-2026-4685 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026 | debian
CVE-2026-4685 [HIGH] firefox - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local | sid: resolved (fixed in 149.0-1)

CVE-2026-4707 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026 | debian
CVE-2026-4707 [HIGH] firefox - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local | sid: resolved (fixed in 149.0-1)

CVE-2018-12360 | P3 | HIGH | CVSS 8.8 | fixed in firefox 61.0-1 (sid) | 2018 | debian
CVE-2018-12360 [HIGH] firefox - A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Scope: local | sid: resolved (fixed in 61.0-1)

CVE-2026-4684 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026 | debian
CVE-2026-4684 [HIGH] firefox - Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local | sid: resolved (fixed in 149.0-1)

CVE-2025-14327 | P3 | HIGH | CVSS 7.5 | fixed in firefox 146.0-1 (sid) | 2025 | debian
CVE-2025-14327 [HIGH] firefox - Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.
Scope: local | sid: resolved (fixed in 146.0-1)

CVE-2006-0748 | P3 | HIGH | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006 | debian
CVE-2006-0748 [CRITICAL] firefox - Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.
Scope: local | sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)

CVE-2016-1974 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016 | debian
CVE-2016-1974 [HIGH] firefox - The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
Scope: local | sid: resolved (fixed in 45.0-1)

CVE-2025-13012 | P3 | HIGH | CVSS 7.5 | fixed in firefox 145.0-1 (sid) | 2025 | debian
CVE-2025-13012 [HIGH] firefox - Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local | sid: resolved (fixed in 145.0-1)

CVE-2024-4778 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 126.0-1 (sid) | 2024 | debian
CVE-2024-4778 [CRITICAL] firefox - Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.
Scope: local | sid: resolved (fixed in 126.0-1)

CVE-2020-6806 | P3 | HIGH | CVSS 8.8 | fixed in firefox 74.0-1 (sid) | 2020 | debian
CVE-2020-6806 [HIGH] firefox - By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
Scope: local | sid: resolved (fixed in 74.0

CVE-2020-12419 | P3 | HIGH | CVSS 8.8 | fixed in firefox 78.0-1 (sid) | 2020 | debian
CVE-2020-12419 [HIGH] firefox - When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Scope: local | sid: resolved (fixed in 78.0-1)

CVE-2019-11752 | P3 | HIGH | CVSS 8.8 | fixed in firefox 69.0-1 (sid) | 2019 | debian
CVE-2019-11752 [HIGH] firefox - It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Scope: local | sid: resolved (fixed in 69.0-1)

CVE-2017-7752 | P3 | HIGH | CVSS 8.8 | fixed in firefox 54.0-1 (sid) | 2017 | debian
CVE-2017-7752 [HIGH] firefox - A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Scope: local | sid: resolved (fixe