cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 35 of 78
CVE-2016-5290 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 50.0-1 (sid) | 2016
firefox - Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Scope: local; sid: resolved (fixed in 50.0-1)
debian
CVE-2017-5440 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
firefox - A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
debian
CVE-2017-7810 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
firefox - Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Scope: local; sid: resolved (fixed in 56.0-1)
debian
CVE-2017-5454 | P3 | HIGH | CVSS 7.5 | fixed in firefox 52.0.1-1 (sid) | 2017
firefox - A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Scope: local; sid: resolved (fixed i
debian
CVE-2024-1555 | P3 | HIGH | CVSS 8.3 | fixed in firefox 123.0-1 (sid) | 2024
firefox - When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.
Scope: local; sid: resolved (fixed in 123.0-1)
debian
CVE-2017-7809 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
firefox - A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Scope: local; sid: resolved (fixed in 55.0-1)
debian
CVE-2018-5112 | P3 | HIGH | CVSS 7.5 | fixed in firefox 58.0-1 (sid) | 2018
firefox - Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects
debian
CVE-2025-8036 | P3 | HIGH | CVSS 8.1 | fixed in firefox 141.0-1 (sid) | 2025
firefox - Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Scope: local; sid: resolved (fixed in 141.0-1)
debian
CVE-2017-5386 | P3 | HIGH | CVSS 7.3 | fixed in firefox 51.0-1 (sid) | 2017
firefox - WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
Scope: local; sid: resolved (fixed in 51.0-1)
debian
CVE-2026-0878 | P3 | HIGH | CVSS 8.0 | fixed in firefox 147.0-1 (sid) | 2026
firefox - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local; sid: resolved (fixed in 147.0-1)
debian
CVE-2017-5413 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0-1 (sid) | 2017
firefox - A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.
Scope: local; sid: resolved (fixed in 52.0-1)
debian
CVE-2024-0743 | P3 | HIGH | CVSS 7.5 | fixed in firefox 122.0-1 (sid) | 2024
firefox - An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
Scope: local; sid: resolved (fixed in 122.0-1)
debian
CVE-2019-9802 | P3 | HIGH | CVSS 7.5 | fixed in firefox 66.0-1 (sid) | 2019
firefox - If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrom
debian
CVE-2024-3857 | P3 | HIGH | CVSS 7.8 | fixed in firefox 125.0.1-1 (sid) | 2024
firefox - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Scope: local; sid: resolved (fixed in 125.0.1-1)
debian
CVE-2019-9805 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 66.0-1 (sid) | 2019
firefox - A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.
Scope: local; sid: resolved (fixed in 66.0-1)
debian
CVE-2026-4694 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
firefox - Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2021-29952 | P3 | HIGH | CVSS 7.5 | fixed in firefox 88.0.1-1 (sid) | 2021
firefox - When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
Scope: local; sid: resolved (fixed in 88.0.1-1)
debian
CVE-2026-4697 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
firefox - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2026-4695 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
firefox - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2024-1552 | P3 | HIGH | CVSS 7.5 | fixed in firefox 123.0-1 (sid) | 2024
firefox - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. Note: This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
Scope: local; sid: resolved (fixed in 123.0-1)
debian