cbcvebase.

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs
1,550
CISA KEV
11
actively exploited
Public exploits
39
Exploited in wild
20
Severity breakdown
CRITICAL333HIGH633MEDIUM542LOW42

Vulnerabilities

Page 45 of 78
CVE-2018-5135P3HIGHCVSS 7.5fixed in firefox 59.0-1 (sid)2018
CVE-2018-5135 [HIGH] CVE-2018-5135: firefox - WebExtensions can bypass normal restrictions in some circumstances and use "brow... WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)
debian
CVE-2017-5382P3HIGHCVSS 7.5fixed in firefox 51.0-1 (sid)2017
CVE-2017-5382 [HIGH] CVE-2017-5382: firefox - Feed preview for RSS feeds can be used to capture errors and exceptions generate... Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)
debian
CVE-2018-5126P3CRITICALCVSS 9.8fixed in firefox 59.0-1 (sid)2018
CVE-2018-5126 [CRITICAL] CVE-2018-5126: firefox - Memory safety bugs were reported in Firefox 58. Some of these bugs showed eviden... Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)
debian
CVE-2016-9902P3HIGHCVSS 7.5fixed in firefox 50.1.0-1 (sid)2016
CVE-2016-9902 [HIGH] CVE-2016-9902: firefox - The Pocket toolbar button, once activated, listens for events fired from it's ow... The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50
debian
CVE-2017-5381P3HIGHCVSS 7.5fixed in firefox 51.0-1 (sid)2017
CVE-2017-5381 [HIGH] CVE-2017-5381: firefox - The "export" function in the Certificate Viewer can force local filesystem navig... The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)
debian
CVE-2019-9799P3HIGHCVSS 7.5fixed in firefox 66.0-1 (sid)2019
CVE-2019-9799 [HIGH] CVE-2019-9799: firefox - Insufficient bounds checking of data during inter-process communication might al... Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66. Scope: local sid: resolved (fixed in 66.0-1)
debian
CVE-2017-7836P3HIGHCVSS 7.8fixed in firefox 57.0-1 (sid)2017
CVE-2017-7836 [HIGH] CVE-2017-7836: firefox - The "pingsender" executable used by the Firefox Health Report dynamically loads ... The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected
debian
CVE-2021-23961P3HIGHCVSS 7.4fixed in firefox 85.0-1 (sid)2021
CVE-2021-23961 [HIGH] CVE-2021-23961: firefox - Further techniques that built on the slipstream research combined with a malicio... Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. Scope: local sid: resolved (fixed in 85.0-1)
debian
CVE-2019-9814P3CRITICALCVSS 9.8fixed in firefox 67.0-2 (sid)2019
CVE-2019-9814 [CRITICAL] CVE-2019-9814: firefox - Mozilla developers and community members reported memory safety bugs present in ... Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67. Scope: local sid: resolved (fixed in 67.0-2)
debian
CVE-2019-11734P3CRITICALCVSS 9.8fixed in firefox 69.0-1 (sid)2019
CVE-2019-11734 [CRITICAL] CVE-2019-11734: firefox - Mozilla developers and community members reported memory safety bugs present in ... Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69. Scope: local sid: resolved (fixed in 69.0-1)
debian
CVE-2023-37208P3HIGHCVSS 7.8fixed in firefox 115.0-1 (sid)2023
CVE-2023-37208 [HIGH] CVE-2023-37208: firefox - When opening Diagcab files, Firefox did not warn the user that these files may c... When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Scope: local sid: resolved (fixed in 115.0-1)
debian
CVE-2020-6826P3CRITICALCVSS 9.8fixed in firefox 75.0-1 (sid)2020
CVE-2020-6826 [CRITICAL] CVE-2020-6826: firefox - Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory ... Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 75. Scope: local sid: resolved (fixed in 75.0-1)
debian
CVE-2019-11723P3HIGHCVSS 7.5fixed in firefox 68.0-1 (sid)2019
CVE-2019-11723 [HIGH] CVE-2019-11723: firefox - A vulnerability exists during the installation of add-ons where the initial fetc... A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed in
debian
CVE-2017-5468P3CRITICALCVSS 9.1fixed in firefox 52.0.1-1 (sid)2017
CVE-2017-5468 [CRITICAL] CVE-2017-5468: firefox - An issue with incorrect ownership model of "privateBrowsing" information exposed... An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)
debian
CVE-2016-1952P3HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-1952 [HIGH] CVE-2016-1952: firefox - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox be... Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2793P3HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2793 [HIGH] CVE-2016-2793: firefox - CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.... CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2006-2780P3HIGHCVSS 9.3fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid)2006
CVE-2006-2780 [CRITICAL] CVE-2006-2780: firefox - Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote... Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. Scope: local sid: resolved (fixed in 1.5.dfsg+1.5.0.4-1)
debian
CVE-2016-2798P3HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2798 [HIGH] CVE-2016-2798: firefox - The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, a... The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2802P3HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2802 [HIGH] CVE-2016-2802: firefox - The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before... The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2791P3HIGHCVSS 8.8fixed in firefox 45.0-1 (sid)2016
CVE-2016-2791 [HIGH] CVE-2016-2791: firefox - The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in... The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Scope: local sid: resolved (fixed in 45.0-1)
debian
Debian Firefox vulnerabilities | cvebase