cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 42 of 78
CVE-2016-2808 | P3 | HIGH | CVSS 7.5 | fixed in firefox 46.0-1 (sid) | 2016
firefox: The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. Scope: local; sid: resolved (fixed i

CVE-2017-5399 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0-1 (sid) | 2017
firefox: Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local; sid: resolved (fixed in 52.0-1)

CVE-2016-9080 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 50.1.0-1 (sid) | 2016
firefox: Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1. Scope: local; sid: resolved (fixed in 50.1.0-1)

CVE-2018-5186 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 61.0-1 (sid) | 2018
firefox: Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61. Scope: local; sid: resolved (fixed in 61.0-1)

CVE-2018-18502 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 65.0-1 (sid) | 2018
firefox: Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65. Scope: local; sid: resolved (fixed in 65.0-1)

CVE-2016-5289 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 50.0-1 (sid) | 2016
firefox: Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. Scope: local; sid: resolved (fixed in 50.0-1)

CVE-2018-5134 | P3 | HIGH | CVSS 7.5 | fixed in firefox 59.0-1 (sid) | 2018
firefox: WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59. Scope: local; sid: resolved (fixed in 59.0-1)

CVE-2017-5388 | P3 | HIGH | CVSS 7.5 | fixed in firefox 51.0-1 (sid) | 2017
firefox: A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51. Scope: local; sid: resolved (fixed in 51.0-1)

CVE-2017-7780 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 55.0-1 (sid) | 2017
firefox: Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55. Scope: local; sid: resolved (fixed in 55.0-1)

CVE-2018-5157 | P3 | HIGH | CVSS 7.5 | fixed in firefox 60.0-1 (sid) | 2018
firefox: Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. Scope: local; sid: resolved (fixed in 60.0-1)

CVE-2017-5374 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 51.0-1 (sid) | 2017
firefox: Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. Scope: local; sid: resolved (fixed in 51.0-1)

CVE-2021-38498 | P3 | HIGH | CVSS 7.5 | fixed in firefox 93.0-1 (sid) | 2021
firefox: During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Scope: local; sid: resolved (fixed in 93.0-1)

CVE-2017-5471 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 54.0-1 (sid) | 2017
firefox: Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54. Scope: local; sid: resolved (fixed in 54.0-1)

CVE-2020-12391 | P3 | HIGH | CVSS 7.5 | fixed in firefox 76.0-1 (sid) | 2020
firefox: Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76. Scope: local; sid: resolved (fixed in 76.0-1)

CVE-2023-5728 | P3 | HIGH | CVSS 7.5 | fixed in firefox 119.0-1 (sid) | 2023
firefox: During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local; sid: resolved (fixed in 119.0-1)

CVE-2024-9956 | P3 | HIGH | CVSS 7.8 | fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm) | 2024
chromium: Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) Scope: local; bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1); bullseye: open; forky: resolved (fixed in 130.0.6723.58-1); sid: resolved (fixed in

CVE-2022-22737 | P3 | HIGH | CVSS 7.5 | fixed in firefox 96.0-1 (sid) | 2022
firefox: Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local; sid: resolved (fixed in 96.0-1)

CVE-2016-2794 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
firefox: The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local; sid: resolved (fixed in 45.0-1)

CVE-2024-7652 | P3 | HIGH | CVSS 7.5 | fixed in firefox 128.0-1 (sid) | 2024
firefox: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Scope: local; sid: resolved (fixed in 128.0-1)

CVE-2016-2834 | P3 | HIGH | CVSS 8.8 | fixed in firefox 47.0-1 (sid) | 2016
firefox: Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Scope: local; sid: resolved (fixed in 47.0-1)
