Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
CVE-2016-5276 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 49.0-1 (sid) | 2016
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
Scope: local
sid: resolved (fixed in 49.0-1)

CVE-2025-1014 | P3 | HIGH | CVSS 8.8 | fixed in firefox 135.0-1 (sid) | 2025
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Scope: local
sid: resolved (fixed in 135.0-1)

CVE-2017-5398 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0-1 (sid) | 2017
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Scope: local
sid: resolved (fixed in 52.0-1)

CVE-2018-5155 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 60.0-1 (sid) | 2018
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Scope: local
sid: resolved (fixed in 60.0-1)

CVE-2017-7819 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Scope: local
sid: resolved (fixed in 56.0-1)

CVE-2018-5089 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)

CVE-2017-7826 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 57.0-1 (sid) | 2017
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Scope: local
sid: resolved (fixed in 57.0-1)

CVE-2017-7843 | P3 | HIGH | CVSS 7.5 | fixed in firefox 57.0.1-1 (sid) | 2017
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and

CVE-2020-12387 | P3 | HIGH | CVSS 8.1 | fixed in firefox 76.0-1 (sid) | 2020
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Scope: local
sid: resolved (fixed in 76.0-1)

CVE-2018-12376 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 62.0-1 (sid) | 2018
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Scope: local
sid: resolved (fixed in 62.0-1)

CVE-2006-4310 | P4 | MEDIUM | CVSS 4.3 | PoC | fixed in firefox 45.0-1 (sid) | 2006
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
Scope: local
sid: resolved (fixed in 45.0-1)

CVE-2017-5401 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0-1 (sid) | 2017
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Scope: local
sid: resolved (fixed in 52.0-1)

CVE-2021-29986 | P3 | HIGH | CVSS 8.1 | fixed in firefox 91.0-1 (sid) | 2021
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
Scope: local
sid: resolved (fixed in 91.0-1)

CVE-2018-5187 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 61.0-1 (sid) | 2018
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
Scope: local
sid: resolved (fixed in 61.0-1)

CVE-2017-7751 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 54.0-1 (sid) | 2017
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Scope: local
sid: resolved (fixed in 54.0-1)

CVE-2017-7779 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Scope: local
sid: resolved (fixed in

CVE-2017-7801 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Scope: local
sid: resolved (fixed in 55.0-1)

CVE-2017-7793 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Scope: local
sid: resolved (fixed in 56.0-1)

CVE-2016-2804 | P3 | HIGH | CVSS 8.8 | fixed in firefox 46.0-1 (sid) | 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Scope: local
sid: resolved (fixed in 46.0-1)

CVE-2024-7525 | P3 | HIGH | CVSS 8.1 | fixed in firefox 129.0-1 (sid) | 2024
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Scope: local
sid: resolved (fixed in 129.0-1)