cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 39 of 78
CVE-2020-12396 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 76.0-1 (sid) | 2020
Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76. Scope: local; sid: resolved (fixed in 76.0-1)
debian
CVE-2020-6809 | P3 | HIGH | CVSS 7.5 | fixed in firefox 74.0-1 (sid) | 2020
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. Scope: local; sid: resolved (fixed in 74.0-1)
debian
CVE-2017-7758 | P3 | CRITICAL | CVSS 9.1 | fixed in firefox 54.0-1 (sid) | 2017
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local; sid: resolved (fixed in 54.0-1)
debian
CVE-2016-2818 | P3 | HIGH | CVSS 8.8 | fixed in firefox 47.0-1 (sid) | 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Scope: local; sid: resolved (fixed in 47.0-1)
debian
CVE-2020-15684 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 82.0-1 (sid) | 2020
Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. Scope: local; sid: resolved (fixed in 82.0-1)
debian
CVE-2023-37203 | P3 | HIGH | CVSS 7.8 | fixed in firefox 115.0-1 (sid) | 2023
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. Scope: local; sid: resolved (fixed in 115.0-1)
debian
CVE-2024-1546 | P3 | HIGH | CVSS 7.5 | fixed in firefox 123.0-1 (sid) | 2024
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Scope: local; sid: resolved (fixed in 123.0-1)
debian
CVE-2022-36319 | P3 | HIGH | CVSS 7.5 | fixed in firefox 103.0-1 (sid) | 2022
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. Scope: local; sid: resolved (fixed in 103.0-1)
debian
CVE-2022-45407 | P3 | HIGH | CVSS 7.5 | fixed in firefox 107.0-1 (sid) | 2022
If an attacker loaded a font using `FontFace()` on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107. Scope: local; sid: resolved (fixed in 107.0-1)
debian
CVE-2023-4055 | P3 | HIGH | CVSS 7.5 | fixed in firefox 116.0-1 (sid) | 2023
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Scope: local; sid: resolved (fixed in 116.0
debian
CVE-2024-10458 | P3 | HIGH | CVSS 7.5 | fixed in firefox 132.0-1 (sid) | 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. Scope: local; sid: resolved (fixed in 132.0-1)
debian
CVE-2024-11702 | P3 | HIGH | CVSS 7.5 | fixed in firefox 134.0-1 (sid) | 2024
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. Scope: local; sid: resolved (fixed in 134.0-1)
debian
CVE-2026-0889 | P3 | HIGH | CVSS 7.5 | fixed in firefox 147.0-1 (sid) | 2026
Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147. Scope: local; sid: resolved (fixed in 147.0-1)
debian
CVE-2026-4727 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149. Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2025-1931 | P3 | HIGH | CVSS 7.5 | fixed in firefox 136.0-1 (sid) | 2025
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. Scope: local; sid: resolved (fixed in 136.0-1)
debian
CVE-2024-5694 | P3 | HIGH | CVSS 7.5 | fixed in firefox 127.0-1 (sid) | 2024
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. Scope: local; sid: resolved (fixed in 127.0-1)
debian
CVE-2022-31748 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 101.0-1 (sid) | 2022
Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101. Sc
debian
CVE-2022-36320 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 103.0-1 (sid) | 2022
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103. Scope: local; sid: resolved (fixed in 103.0-1)
debian
CVE-2025-11153 | P3 | HIGH | CVSS 7.5 | fixed in firefox 143.0.3-1 (sid) | 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3. Scope: local; sid: resolved (fixed in 143.0.3-1)
debian
CVE-2016-2815 | P3 | HIGH | CVSS 8.8 | fixed in firefox 47.0-1 (sid) | 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Scope: local; sid: resolved (fixed in 47.0-1)
debian