cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 4 of 78
CVE-2026-2778 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 148.0-1 (sid) | 2026
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local | sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2784 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local | sid: resolved (fixed in 148.0-1)
debian
CVE-2018-12386 | P3 | HIGH | CVSS 8.1 | fixed in firefox 62.0.3-1 (sid) | 2018
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
Scope: local | sid: resolved (fixed in 62.0.3-1)
debian
CVE-2021-4140 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 96.0-1 (sid) | 2021
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local | sid: resolved (fixed in 96.0-1)
debian
CVE-2026-4689 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 149.0-1 (sid) | 2026
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local | sid: resolved (fixed in 149.0-1)
debian
CVE-2026-4725 | P3 | CRITICAL | CVSS 10.0 | fixed in firefox 149.0-1 (sid) | 2026
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Scope: local | sid: resolved (fixed in 149.0-1)
debian
CVE-2020-6811 | P3 | HIGH | CVSS 8.8 | fixed in firefox 74.0-1 (sid) | 2020
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Fire
debian
CVE-2026-4701 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 149.0-1 (sid) | 2026
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local | sid: resolved (fixed in 149.0-1)
debian
CVE-2026-4700 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 149.0-1 (sid) | 2026
Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local | sid: resolved (fixed in 149.0-1)
debian
CVE-2026-4717 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 149.0-1 (sid) | 2026
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local | sid: resolved (fixed in 149.0-1)
debian
CVE-2026-2780 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local | sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2789 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local | sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2786 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local | sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2782 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local | sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2779 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local | sid: resolved (fixed in 148.0-1)
debian
CVE-2025-14321 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 146.0-1 (sid) | 2025
Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local | sid: resolved (fixed in 146.0-1)
debian
CVE-2026-2766 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local | sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2765 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local | sid: resolved (fixed in 148.0-1)
debian
CVE-2025-8031 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 141.0-1 (sid) | 2025
The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scope: local | sid: resolved (fixed in 141.0-1)
debian
CVE-2026-0884 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 147.0-1 (sid) | 2026
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local | sid: resolved (fixed in 147.0-1)
debian