
Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 38 of 78
CVE-2022-28288 | P3 | HIGH | CVSS 8.8 | fixed in firefox 99.0-1 (sid) | 2022
CVE-2022-28288 [HIGH]: firefox - Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 99. Scope: local si
debian
CVE-2022-29918 | P3 | HIGH | CVSS 8.8 | fixed in firefox 100.0-1 (sid) | 2022
CVE-2022-29918 [HIGH]: firefox - Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 100. Scope: local sid: resolved (fixed in 1
debian
CVE-2022-22752 | P3 | HIGH | CVSS 8.8 | fixed in firefox 96.0-1 (sid) | 2022
CVE-2022-22752 [HIGH]: firefox - Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 96. Scope: local sid: resolved (fixed in 96.0-1)
debian
CVE-2022-46885 | P3 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
CVE-2022-46885 [HIGH]: firefox - Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106. Scope: local sid: resolved (fixed in 10
debian
CVE-2016-5297 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 50.0-1 (sid) | 2016
CVE-2016-5297 [CRITICAL]: firefox - An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)
debian
CVE-2017-5378 | P3 | HIGH | CVSS 7.5 | fixed in firefox 51.0-1 (sid) | 2017
CVE-2017-5378 [HIGH]: firefox - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)
debian
CVE-2018-5181 | P3 | HIGH | CVSS 7.5 | fixed in firefox 60.0-1 (sid) | 2018
CVE-2018-5181 [HIGH]: firefox - If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60. Scope: l
debian
CVE-2017-7757 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 54.0-1 (sid) | 2017
CVE-2017-7757 [CRITICAL]: firefox - A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2021-29991 | P3 | HIGH | CVSS 8.1 | fixed in firefox 91.0.1-1 (sid) | 2021
CVE-2021-29991 [HIGH]: firefox - Firefox incorrectly accepted a newline in an HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. Scope: local sid: resolved (fixed in 91.0.1-1)
debian
CVE-2017-5470 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 54.0-1 (sid) | 2017
CVE-2017-5470 [CRITICAL]: firefox - Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2019-11719 | P3 | LOW | CVSS 7.5 | fixed in firefox 68.0-1 (sid) | 2019
CVE-2019-11719 [HIGH]: firefox - When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)
debian
CVE-2024-6606 | P3 | HIGH | CVSS 8.2 | fixed in firefox 128.0-1 (sid) | 2024
CVE-2024-6606 [HIGH]: firefox - Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128. Scope: local sid: resolved (fixed in 128.0-1)
debian
CVE-2016-2806 | P3 | HIGH | CVSS 8.8 | fixed in firefox 46.0-1 (sid) | 2016
CVE-2016-2806 [HIGH]: firefox - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Scope: local sid: resolved (fixed in 46.0-1)
debian
CVE-2016-2807 | P3 | HIGH | CVSS 8.8 | fixed in firefox 46.0-1 (sid) | 2016
CVE-2016-2807 [HIGH]: firefox - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Scope: local sid: resolved (fixed in 46.0-1)
debian
CVE-2025-8029 | P3 | HIGH | CVSS 8.1 | fixed in firefox 141.0-1 (sid) | 2025
CVE-2025-8029 [HIGH]: firefox - Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. Scope: local sid: resolved (fixed in 141.0-1)
debian
CVE-2025-8032 | P3 | HIGH | CVSS 8.1 | fixed in firefox 141.0-1 (sid) | 2025
CVE-2025-8032 [HIGH]: firefox - XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. Scope: local sid: resolved (fixed in 141.0-1)
debian
CVE-2023-5724 | P3 | HIGH | CVSS 7.5 | fixed in firefox 119.0-1 (sid) | 2023
CVE-2023-5724 [HIGH]: firefox - Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local sid: resolved (fixed in 119.0-1)
debian
CVE-2016-2837 | P3 | MEDIUM | CVSS 6.3 | fixed in firefox 48.0-1 (sid) | 2016
CVE-2016-2837 [MEDIUM]: firefox - Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. Scope: local sid: resolved (fixed in 48.0
debian
CVE-2018-18504 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 65.0-1 (sid) | 2018
CVE-2018-18504 [CRITICAL]: firefox - A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65. Scope: local sid: resolved (fixed in 65.0-1)
debian
CVE-2019-11710 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 68.0-1 (sid) | 2019
CVE-2019-11710 [CRITICAL]: firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed in 68.0-1)
debian