cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 41 of 78
CVE-2021-29990 | P3 | HIGH | CVSS 8.8 | fixed in firefox 91.0-1 (sid) | 2021
[HIGH] CVE-2021-29990: firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91. Scope: local; sid: resolved (fixed in 91.0-1)
CVE-2021-23965 | P3 | HIGH | CVSS 8.8 | fixed in firefox 85.0-1 (sid) | 2021
[HIGH] CVE-2021-23965: firefox - Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. Scope: local; sid: resolved (fixed in 85.0-1)
CVE-2006-4565 | P3 | HIGH | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.7-1 (sid) | 2006
[CRITICAL] CVE-2006-4565: firefox - Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier." Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.7-1)
CVE-2021-23979 | P3 | HIGH | CVSS 8.8 | fixed in firefox 86.0-1 (sid) | 2021
[HIGH] CVE-2021-23979: firefox - Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86. Scope: local; sid: resolved (fixed in 86.0-1)
CVE-2021-29947 | P3 | HIGH | CVSS 8.8 | fixed in firefox 88.0-1 (sid) | 2021
[HIGH] CVE-2021-29947: firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. Scope: local; sid: resolved (fixed in 88.0-1)
CVE-2020-15674 | P3 | HIGH | CVSS 8.8 | fixed in firefox 81.0-1 (sid) | 2020
[HIGH] CVE-2020-15674: firefox - Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. Scope: local; sid: resolved (fixed in 81.0-1)
CVE-2018-5177 | P3 | HIGH | CVSS 7.5 | fixed in firefox 60.0-1 (sid) | 2018
[HIGH] CVE-2018-5177: firefox - A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60. Scope: local; sid: resolved (fixed in 60.0-1)
CVE-2018-5141 | P3 | HIGH | CVSS 8.2 | fixed in firefox 59.0-1 (sid) | 2018
[HIGH] CVE-2018-5141: firefox - A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. Scope: local; sid: resolved (fixed in 59.0-1)
CVE-2017-5410 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0-1 (sid) | 2017
[CRITICAL] CVE-2017-5410: firefox - Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Scope: local; sid: resolved (fixed in 52.0-1)
CVE-2017-7805 | P3 | HIGH | CVSS 7.5 | fixed in firefox 56.0-1 (sid) | 2017
[HIGH] CVE-2017-7805: firefox - During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handsha
CVE-2016-5254 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 48.0-1 (sid) | 2016
[CRITICAL] CVE-2016-5254: firefox - Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items. Scope: local; sid: re
CVE-2018-5151 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 60.0-1 (sid) | 2018
[CRITICAL] CVE-2018-5151: firefox - Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60. Scope: local; sid: resolved (fixed in 60.0-1)
CVE-2017-7827 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 57.0-1 (sid) | 2017
[CRITICAL] CVE-2017-7827: firefox - Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57. Scope: local; sid: resolved (fixed in 57.0-1)
CVE-2017-7787 | P3 | HIGH | CVSS 7.5 | fixed in firefox 55.0-1 (sid) | 2017
[HIGH] CVE-2017-7787: firefox - Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local; sid: resolved (fixed in 55.0-1)
CVE-2017-5419 | P3 | HIGH | CVSS 7.5 | fixed in firefox 52.0-1 (sid) | 2017
[HIGH] CVE-2017-5419: firefox - If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local; sid: resolved (fixed in 52.0-1)
CVE-2019-9821 | P3 | HIGH | CVSS 8.1 | fixed in firefox 67.0-2 (sid) | 2019
[HIGH] CVE-2019-9821: firefox - A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67. Scope: local; sid: resolved (fixed in 67.0-2)
CVE-2017-5464 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
[CRITICAL] CVE-2017-5464: firefox - During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local; sid: resolved (fixed in 52.0.1-1)
CVE-2016-9893 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 50.1.0-1 (sid) | 2016
[CRITICAL] CVE-2016-9893: firefox - Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Scope: local; sid: resolved (fixed in 50.1.0-1)
CVE-2018-5182 | P3 | HIGH | CVSS 7.5 | fixed in firefox 60.0-1 (sid) | 2018
[HIGH] CVE-2018-5182: firefox - If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60. Scope: local; sid: resolved (fixed in 60.0-1)
CVE-2018-5113 | P3 | HIGH | CVSS 7.5 | fixed in firefox 58.0-1 (sid) | 2018
[HIGH] CVE-2018-5113: firefox - The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)