Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
Page 34 of 78
CVE-2020-12416 | P3 | HIGH | CVSS 8.8 | fixed in firefox 78.0-1 (sid) | 2020
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.
Scope: local
sid: resolved (fixed in 78.0-1)
debian
CVE-2020-26969 | P3 | HIGH | CVSS 8.8 | fixed in firefox 83.0-1 (sid) | 2020
Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.
Scope: local
sid: resolved (fixed in 83.0-1)
debian
CVE-2021-29972 | P3 | HIGH | CVSS 8.8 | fixed in firefox 90.0-1 (sid) | 2021
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.
Scope: local
sid: resolved (fixed in 90.0-1)
debian
CVE-2022-22738 | P3 | HIGH | CVSS 8.8 | fixed in firefox 96.0-1 (sid) | 2022
Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local
sid: resolved (fixed in 96.0-1)
debian
CVE-2022-34468 | P3 | HIGH | CVSS 8.8 | fixed in firefox 102.0-1 (sid) | 2022
An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Scope: local
sid: resolved (fixed in 102.0-1)
debian
CVE-2022-46871 | P3 | HIGH | CVSS 8.8 | fixed in firefox 108.0-1 (sid) | 2022
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
Scope: local
sid: resolved (fixed in 108.0-1)
debian
CVE-2021-23962 | P3 | HIGH | CVSS 8.8 | fixed in firefox 85.0-1 (sid) | 2021
Incorrect use of the '<RowCountChanged>' method could have led to a use-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.
Scope: local
sid: resolved (fixed in 85.0-1)
debian
CVE-2022-29909 | P3 | HIGH | CVSS 8.8 | fixed in firefox 100.0-1 (sid) | 2022
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Scope: local
sid: resolved (fixed in 100.0-1)
debian
CVE-2022-45412 | P3 | HIGH | CVSS 8.8 | fixed in firefox 107.0-1 (sid) | 2022
When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer. *This bug only affects Thunderbird on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and F
debian
CVE-2022-34481 | P3 | HIGH | CVSS 8.8 | fixed in firefox 102.0-1 (sid) | 2022
In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Scope: local
sid: resolved (fixed in 102.0-1)
debian
CVE-2016-5257 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 49.0-1 (sid) | 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Scope: local
sid: resolved (fixed in 49.0-1)
debian
CVE-2022-46881 | P3 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Th
debian
CVE-2022-31741 | P3 | HIGH | CVSS 8.8 | fixed in firefox 101.0-1 (sid) | 2022
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Scope: local
sid: resolved (fixed in 101.0-1)
debian
CVE-2022-46879 | P3 | HIGH | CVSS 8.8 | fixed in firefox 108.0-1 (sid) | 2022
Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108
debian
CVE-2022-0843 | P3 | HIGH | CVSS 8.8 | fixed in firefox 98.0-1 (sid) | 2022
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98.
Scope: local
sid: resolved (fixed in 98.0-1)
debian
CVE-2023-29543 | P3 | HIGH | CVSS 8.8 | fixed in firefox 112.0-1 (sid) | 2023
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Scope: local
sid: resolved (fixed in 112.0-1)
debian
CVE-2022-0511 | P3 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera
debian
CVE-2016-5277 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 49.0-1 (sid) | 2016
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
S
debian
CVE-2022-46884 | P3 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original r
debian
CVE-2017-5373 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 51.0-1 (sid) | 2017
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Scope: local
sid: resolved (fixed in 51.0-1)
debian