cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 46 of 78
CVE-2025-4085 | P3 | HIGH | CVSS 7.1 | fixed in firefox 138.0-1 (sid) | 2025
firefox - An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.
Scope: local; sid: resolved (fixed in 138.0-1)
debian
CVE-2018-12406 | P3 | HIGH | CVSS 8.8 | fixed in firefox 64.0-1 (sid) | 2018
firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64.
Scope: local; sid: resolved (fixed in 64.0-1)
debian
CVE-2006-3801 | P3 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
firefox - Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.
Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.5-1)
debian
CVE-2019-17013 | P3 | HIGH | CVSS 8.8 | fixed in firefox 71.0-1 (sid) | 2019
firefox - Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71.
Scope: local; sid: resolved (fixed in 71.0-1)
debian
CVE-2006-1045 | P4 | LOW | CVSS 2.6 | PoC | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
firefox - The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
Sco
debian
CVE-2016-5296 | P3 | HIGH | CVSS 7.5 | fixed in firefox 50.0-1 (sid) | 2016
firefox - A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Scope: local; sid: resolved (fixed in 50.0-1)
debian
CVE-2017-7813 | P3 | HIGH | CVSS 8.2 | fixed in firefox 56.0-1 (sid) | 2017
firefox - Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.
Scope: local; sid: resolved (fixed in 56.0-1)
debian
CVE-2016-9070 | P3 | HIGH | CVSS 8.0 | fixed in firefox 50.0-1 (sid) | 2016
firefox - A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.
Scope: local; sid: resolved (fixed in 50.0-1)
debian
CVE-2016-5266 | P3 | HIGH | CVSS 8.1 | fixed in firefox 48.0-1 (sid) | 2016
firefox - Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
Scope: local; sid: resolved (fixed in 48.0-1)
debian
CVE-2019-5849 | P3 | HIGH | CVSS 8.1 | fixed in chromium 76.0.3809.87-1 (bookworm) | 2019
chromium - Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 76.0.3809.87-1); bullseye: resolved (fixed in 76.0.3809.87-1); forky: resolved (fixed in 76.0.3809.87-1); sid: resolved (fixed in 76.0.3809.87-1); tri
debian
CVE-2016-2821 | P3 | HIGH | CVSS 7.5 | fixed in firefox 47.0-1 (sid) | 2016
firefox - Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
Scope: local; sid: resolved
debian
CVE-2017-5445 | P3 | HIGH | CVSS 7.5 | fixed in firefox 52.0.1-1 (sid) | 2017
firefox - A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Scope: local; sid: resolved (fixed in 52.0.1-1)
debian
CVE-2018-5160 | P3 | HIGH | CVSS 7.5 | fixed in firefox 60.0-1 (sid) | 2018
firefox - WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.
Scope: local; sid: resolved (fixed in 60.0-1)
debian
CVE-2017-5422 | P3 | HIGH | CVSS 7.5 | fixed in firefox 52.0-1 (sid) | 2017
firefox - If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52.
Scope: local; sid: resolved (fixed in 52.0-1)
debian
CVE-2017-7806 | P3 | HIGH | CVSS 7.5 | fixed in firefox 55.0-1 (sid) | 2017
firefox - A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55.
Scope: local; sid: resolved (fixed in 55.0-1)
debian
CVE-2017-5421 | P3 | HIGH | CVSS 7.5 | fixed in firefox 52.0-1 (sid) | 2017
firefox - A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.
Scope: local; sid: resolved (fixed in 52.0-1)
debian
CVE-2022-42927 | P3 | HIGH | CVSS 8.1 | fixed in firefox 106.0-1 (sid) | 2022
firefox - A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
Scope: local; sid: resolved (fixed in 106.0-1)
debian
CVE-2017-5385 | P3 | HIGH | CVSS 7.5 | fixed in firefox 51.0-1 (sid) | 2017
firefox - Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.
Scope: local; sid: resolved (fixed in 51.0-1)
debian
CVE-2018-5136 | P3 | HIGH | CVSS 7.5 | fixed in firefox 59.0-1 (sid) | 2018
firefox - A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.
Scope: local; sid: resolved (fixed in 59.0-1)
debian
CVE-2019-17010 | P3 | HIGH | CVSS 7.5 | fixed in firefox 71.0-1 (sid) | 2019
firefox - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Scope: local; sid: resolved (fixed in 71.0-1)
debian