Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown
CRITICAL 333 | HIGH 633 | MEDIUM 542 | LOW 42
Vulnerabilities
Page 3 of 78
CVE-2019-9816 | P3 | MEDIUM | CVSS 5.9 | PoC | fixed in firefox 67.0-2 (sid) | 2019
CVE-2019-9816 [MEDIUM] CVE-2019-9816: firefox - A possible vulnerability exists where type confusion can occur when manipulating...
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Fir
debian
CVE-2022-2200 | P3 | HIGH | CVSS 8.8 | fixed in firefox 102.0-1 (sid) | 2022
CVE-2022-2200 [HIGH] CVE-2022-2200: firefox - If an object prototype was corrupted by an attacker, they would have been able t...
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Scope: local
sid: resolved (fixed in 102.0-1)
debian
CVE-2006-4253 | P3 | MEDIUM | CVSS 7.6 | PoC | fixed in firefox 1.5.dfsg+1.5.0.7-1 (sid) | 2006
CVE-2006-4253 [HIGH] CVE-2006-4253: firefox - Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote a...
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectl
debian
CVE-2006-0884 | P3 | CRITICAL | CVSS 9.3 | PoC | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
CVE-2006-0884 [CRITICAL] CVE-2006-0884: firefox - The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 a...
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Scope: local
sid: resolv
debian
CVE-2025-4918 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 138.0.4-1 (sid) | 2025
CVE-2025-4918 [CRITICAL] CVE-2025-4918: firefox - An attacker was able to perform an out-of-bounds read or write on a JavaScript `...
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Scope: local
sid: resolved (fixed in 138.0.4-1)
debian
CVE-2018-18505 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 65.0-1 (sid) | 2018
CVE-2018-18505 [CRITICAL] CVE-2018-18505: firefox - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-...
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. Th
debian
CVE-2021-38503 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 94.0-1 (sid) | 2021
CVE-2021-38503 [CRITICAL] CVE-2021-38503: firefox - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowin...
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Scope: local
sid: resolved (fixed in 94.0-1)
debian
CVE-2019-25136 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 70.0-1 (sid) | 2019
CVE-2019-25136 [CRITICAL] CVE-2019-25136: firefox - A compromised child process could have injected XBL Bindings into privileged CSS...
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.
Scope: local
sid: resolved (fixed in 70.0-1)
debian
CVE-2026-4688 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 149.0-1 (sid) | 2026
CVE-2026-4688 [CRITICAL] CVE-2026-4688: firefox - Sandbox escape due to use-after-free in the Disability Access APIs component. Th...
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local
sid: resolved (fixed in 149.0-1)
debian
CVE-2026-2768 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 148.0-1 (sid) | 2026
CVE-2026-2768 [CRITICAL] CVE-2026-2768: firefox - Sandbox escape in the Storage: IndexedDB component. This vulnerability affects F...
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local
sid: resolved (fixed in 148.0-1)
debian
CVE-2026-0881 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 147.0-1 (sid) | 2026
CVE-2026-0881 [CRITICAL] CVE-2026-0881: firefox - Sandbox escape in the Messaging System component. This vulnerability affects Fir...
Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2024-8381 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 130.0-1 (sid) | 2024
CVE-2024-8381 [CRITICAL] CVE-2024-8381: firefox - A potentially exploitable type confusion could be triggered when looking up a pr...
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Scope: local
sid: resolved (fixed in 130.0-1)
debian
CVE-2026-4692 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 149.0-1 (sid) | 2026
CVE-2026-4692 [CRITICAL] CVE-2026-4692: firefox - Sandbox escape in the Responsive Design Mode component. This vulnerability affec...
Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local
sid: resolved (fixed in 149.0-1)
debian
CVE-2026-2776 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 148.0-1 (sid) | 2026
CVE-2026-2776 [CRITICAL] CVE-2026-2776: firefox - Sandbox escape due to incorrect boundary conditions in the Telemetry component i...
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local
sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2761 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 148.0-1 (sid) | 2026
CVE-2026-2761 [CRITICAL] CVE-2026-2761: firefox - Sandbox escape in the Graphics: WebRender component. This vulnerability affects ...
Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local
sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2760 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 148.0-1 (sid) | 2026
CVE-2026-2760 [CRITICAL] CVE-2026-2760: firefox - Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender c...
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local
sid: resolved (fixed in 148.0-1)
debian
CVE-2025-4919 | P3 | HIGH | CVSS 8.8 | fixed in firefox 138.0.4-1 (sid) | 2025
CVE-2025-4919 [HIGH] CVE-2025-4919: firefox - An attacker was able to perform an out-of-bounds read or write on a JavaScript o...
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Scope: local
sid: resolved (fixed in 138.0.4-1)
debian
CVE-2025-0247 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 134.0-1 (sid) | 2025
CVE-2025-0247 [CRITICAL] CVE-2025-0247: firefox - Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bug...
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.
Scope: local
sid: resolved (fixed in 134.0-1)
debian
CVE-2025-6424 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 140.0-1 (sid) | 2025
CVE-2025-6424 [CRITICAL] CVE-2025-6424: firefox - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. Thi...
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Scope: local
sid: resolved (fixed in 140.0-1)
debian
CVE-2016-0718 | P3 | CRITICAL | CVSS 9.8 | fixed in expat 2.1.1-2 (bookworm) | 2016
CVE-2016-0718 [CRITICAL] CVE-2016-0718: expat - Expat allows context-dependent attackers to cause a denial of service (crash) or...
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Scope: local
bookworm: resolved (fixed in 2.1.1-2)
bullseye: resolved (fixed in 2.1.1-2)
forky: resolved (fixed in 2.1.1-2)
sid: resolved (fixed in 2.1.1-2)
trixie: resolved (fixed in 2.1.1
debian