
Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 40 of 78
CVE-2016-2797 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. Scope: local sid: re
debian
CVE-2025-3029 | P3 | HIGH | CVSS 7.3 | fixed in firefox 137.0-1 (sid) | 2025
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. Scope: local sid: resolved (fixed in 137.0-1)
debian
CVE-2006-5747 | P3 | HIGH | CVSS 7.5 | fixed in firefox 45.0-1 (sid) | 2006
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2792 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. Scope: local sid: resolv
debian
CVE-2016-2800 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. Scope: local sid: resolv
debian
CVE-2016-2801 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. Scope
debian
CVE-2016-1979 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2020-6796 | P3 | HIGH | CVSS 8.8 | fixed in firefox 73.0-1 (sid) | 2020
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. Scope: local sid: resolved (fixed in 73.0-1)
debian
CVE-2018-12371 | P3 | HIGH | CVSS 8.8 | fixed in firefox 61.0-1 (sid) | 2018
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. Scope: local sid: resolved (fixed in 61.0-1)
debian
CVE-2020-6801 | P3 | HIGH | CVSS 8.8 | fixed in firefox 73.0-1 (sid) | 2020
Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 73. Scope: local sid: resolved (fixed in 73.0-1)
debian
CVE-2019-9811 | P3 | HIGH | CVSS 8.3 | fixed in firefox 68.0-1 (sid) | 2019
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Scope: local sid: resolved (fixed in 68.0-1)
debian
CVE-2020-12411 | P3 | HIGH | CVSS 8.8 | fixed in firefox 77.0-1 (sid) | 2020
Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 77. Scope: local sid: resolved (fixed in 77.0-1)
debian
CVE-2021-43535 | P3 | HIGH | CVSS 8.8 | fixed in firefox 93.0-1 (sid) | 2021
A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local sid: resolved (fixed in 93.0-1)
debian
CVE-2021-23954 | P3 | HIGH | CVSS 8.8 | fixed in firefox 85.0-1 (sid) | 2021
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Scope: local sid: resolved (fixed in 85.0-1)
debian
CVE-2021-23988 | P3 | HIGH | CVSS 8.8 | fixed in firefox 87.0-1 (sid) | 2021
Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87. Scope: local sid: resolved (fixed in 87.0-1)
debian
CVE-2020-35114 | P3 | HIGH | CVSS 8.8 | fixed in firefox 84.0-1 (sid) | 2020
Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84. Scope: local sid: resolved (fixed in 84.0-1)
debian
CVE-2017-7776 | P3 | HIGH | CVSS 8.1 | fixed in firefox 54.0-1 (sid) | 2017
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. Scope: local sid: resolved (fixed in 54.0-1)
debian
CVE-2021-23972 | P3 | HIGH | CVSS 8.8 | fixed in firefox 86.0-1 (sid) | 2021
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. Scope: local
debian
CVE-2021-29966 | P3 | HIGH | CVSS 8.8 | fixed in firefox 89.0-1 (sid) | 2021
Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. Scope: local sid: resolved (fixed in 89.0-1)
debian
CVE-2021-29977 | P3 | HIGH | CVSS 8.8 | fixed in firefox 90.0-1 (sid) | 2021
Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90. Scope: local sid: resolved (fixed in 90.0-1)
debian