cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 32 of 78
CVE-2024-11700 | P3 | HIGH | CVSS 8.1 | fixed in firefox 134.0-1 (sid) | 2024
[HIGH] firefox - Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. Scope: local; sid: resolved (fixed in 134.0-1)
debian
CVE-2024-3865 | P3 | HIGH | CVSS 8.1 | fixed in firefox 125.0.1-1 (sid) | 2024
[HIGH] firefox - Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125. Scope: local; sid: resolved (fixed in 125.0.1-1)
debian
CVE-2025-10534 | P3 | HIGH | CVSS 8.1 | fixed in firefox 143.0-1 (sid) | 2025
[HIGH] firefox - Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143. Scope: local; sid: resolved (fixed in 143.0-1)
debian
CVE-2025-8030 | P3 | HIGH | CVSS 8.1 | fixed in firefox 141.0-1 (sid) | 2025
[HIGH] firefox - Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. Scope: local; sid: resolved (fixed in 141.0-1)
debian
CVE-2018-5137 | P3 | HIGH | CVSS 7.5 | fixed in firefox 59.0-1 (sid) | 2018
[HIGH] firefox - A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59. Scope: local; sid: resolved (fixed in 59.0-1)
debian
CVE-2018-5128 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 59.0-1 (sid) | 2018
[CRITICAL] firefox - A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59. Scope: local; sid: resolved (fixed in 59.0-1)
debian
CVE-2018-5092 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
[CRITICAL] firefox - A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)
debian
CVE-2020-6814 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 74.0-1 (sid) | 2020
[CRITICAL] firefox - Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Scope: local sid
debian
CVE-2017-5377 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 51.0-1 (sid) | 2017
[CRITICAL] firefox - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. Scope: local; sid: resolved (fixed in 51.0-1)
debian
CVE-2017-7753 | P3 | CRITICAL | CVSS 9.1 | fixed in firefox 55.0-1 (sid) | 2017
[CRITICAL] firefox - An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local; sid: resolved (fixed in 55.0-1)
debian
CVE-2006-1739 | P3 | MEDIUM | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
[CRITICAL] firefox - The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow. Scope: l
debian
CVE-2026-4699 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
[HIGH] firefox - Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2026-4693 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
[HIGH] firefox - Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2024-3852 | P3 | HIGH | CVSS 7.5 | fixed in firefox 125.0.1-1 (sid) | 2024
[HIGH] firefox - GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Scope: local; sid: resolved (fixed in 125.0.1-1)
debian
CVE-2024-10459 | P3 | HIGH | CVSS 7.5 | fixed in firefox 132.0-1 (sid) | 2024
[HIGH] firefox - An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. Scope: local; sid: resolved (fixed in 132.0-1)
debian
CVE-2023-34417 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 114.0-1 (sid) | 2023
[CRITICAL] firefox - Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114. Scope: local; sid: resolved (fixed in 114.0-1)
debian
CVE-2023-32216 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 113.0-1 (sid) | 2023
[CRITICAL] firefox - Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 1
debian
CVE-2026-4709 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
[HIGH] firefox - Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2026-4706 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
[HIGH] firefox - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2025-13016 | P3 | HIGH | CVSS 7.5 | fixed in firefox 145.0-1 (sid) | 2025
[HIGH] firefox - Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. Scope: local; sid: resolved (fixed in 145.0-1)
debian