Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown
CRITICAL: 333 | HIGH: 633 | MEDIUM: 542 | LOW: 42
Vulnerabilities
Page 30 of 78
CVE-2019-17012 | P3 | HIGH | CVSS 8.8 | fixed in firefox 71.0-1 (sid) | 2019
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Scope: local
sid: resolved (fixed
debian
CVE-2019-11746 | P3 | HIGH | CVSS 8.8 | fixed in firefox 69.0-1 (sid) | 2019
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Scope: local
sid: resolved (fixed in 69.0-1)
debian
CVE-2019-11711 | P3 | HIGH | CVSS 8.8 | fixed in firefox 68.0-1 (sid) | 2019
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerabil
debian
CVE-2019-11764 | P3 | HIGH | CVSS 8.8 | fixed in firefox 70.0-1 (sid) | 2019
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Scope: local
sid: r
debian
CVE-2021-29970 | P3 | HIGH | CVSS 8.8 | fixed in firefox 90.0-1 (sid) | 2021
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.* This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
Scope: local
sid: resolved (fixed in 90.0-1)
debian
CVE-2021-29988 | P3 | HIGH | CVSS 8.8 | fixed in firefox 91.0-1 (sid) | 2021
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
Scope: local
sid: resolved (fixed in 91.0-1)
debian
CVE-2019-11757 | P3 | HIGH | CVSS 8.8 | fixed in firefox 70.0-1 (sid) | 2019
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Scope: local
sid: resolved (fixed in 70.0-1)
debian
CVE-2020-26959 | P3 | HIGH | CVSS 8.8 | fixed in firefox 83.0-1 (sid) | 2020
During browser shutdown, reference decrementing could have occurred on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Scope: local
sid: resolved (fixed in 83.0-1)
debian
CVE-2021-29981 | P3 | HIGH | CVSS 8.8 | fixed in firefox 91.0-1 (sid) | 2021
An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.
Scope: local
sid: resolved (fixed in 91.0-1)
debian
CVE-2018-6156 | P3 | HIGH | CVSS 8.8 | fixed in firefox 70.0-1 (sid) | 2018
Incorrect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
Scope: local
sid: resolved (fixed in 70.0-1)
debian
CVE-2018-5095 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)
debian
CVE-2023-32213 | P3 | HIGH | CVSS 8.8 | fixed in firefox 113.0-1 (sid) | 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local
sid: resolved (fixed in 113.0-1)
debian
CVE-2022-28289 | P3 | HIGH | CVSS 8.8 | fixed in firefox 99.0-1 (sid) | 2022
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunder
debian
CVE-2023-25745 | P3 | HIGH | CVSS 8.8 | fixed in firefox 110.0-1 (sid) | 2023
Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2022-31740 | P3 | HIGH | CVSS 8.8 | fixed in firefox 101.0-1 (sid) | 2022
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Scope: local
sid: resolved (fixed in 101.0-1)
debian
CVE-2017-5396 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 51.0-1 (sid) | 2017
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Scope: local
sid: resolved (fixed in 51.0-1)
debian
CVE-2024-6609 | P3 | HIGH | CVSS 8.8 | fixed in firefox 128.0-1 (sid) | 2024
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)
debian
CVE-2023-28177 | P3 | HIGH | CVSS 8.8 | fixed in firefox 111.0-1 (sid) | 2023
Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111.
Scope: local
sid: resolved (fixed in 111.0-1)
debian
CVE-2023-37212 | P3 | HIGH | CVSS 8.8 | fixed in firefox 115.0-1 (sid) | 2023
Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115.
Scope: local
sid: resolved (fixed in 115.0-1)
debian
CVE-2023-23606 | P3 | HIGH | CVSS 8.8 | fixed in firefox 109.0-1 (sid) | 2023
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109.
Scope: local
sid: resolved (fixed in 109.0-1)
debian