
Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 50 of 78
CVE-2006-5463 | P4 | HIGH | CVSS 7.5 | fixed in firefox 45.0-1 (sid) | 2006
CVE-2006-5463 [HIGH] firefox - Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing. Scope: local; sid: resolved (fixed in 45.0-1)
debian
CVE-2016-9069 | P4 | HIGH | CVSS 7.8 | fixed in firefox 50.0-1 (sid) | 2016
CVE-2016-9069 [HIGH] firefox - A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Scope: local; sid: resolved (fixed in 50.0-1)
debian
CVE-2017-7814 | P4 | HIGH | CVSS 7.8 | fixed in firefox 56.0-1 (sid) | 2017
CVE-2017-7814 [HIGH] firefox - File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firef
debian
CVE-2019-11696 | P4 | HIGH | CVSS 7.8 | fixed in firefox 67.0-2 (sid) | 2019
CVE-2019-11696 [HIGH] firefox - Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67. Scope: local; sid: resolved (fixed in 67.0-2)
debian
CVE-2006-3811 | P4 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
CVE-2006-3811 [HIGH] firefox - Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-m
debian
CVE-2006-4561 | P4 | LOW | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.7-1 (sid) | 2006
CVE-2006-4561 [HIGH] firefox - Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a ne
debian
CVE-2018-12365 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 61.0-1 (sid) | 2018
CVE-2018-12365 [MEDIUM] firefox - A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Scope: local; sid: resolved (fixe
debian
CVE-2006-2776 | P4 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
CVE-2006-2776 [HIGH] firefox - Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.4-1)
debian
CVE-2016-1963 | P4 | HIGH | CVSS 7.4 | fixed in firefox 45.0-1 (sid) | 2016
CVE-2016-1963 [HIGH] firefox - The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. Scope: local; sid: resolved (fixed in 45.0-1)
debian
CVE-2016-2816 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 46.0-1 (sid) | 2016
CVE-2016-2816 [MEDIUM] firefox - Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. Scope: local; sid: resolved (fixed in 46.0-1)
debian
CVE-2006-3806 | P4 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
CVE-2006-3806 [HIGH] firefox - Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." Scope: local; sid: re
debian
CVE-2025-10527 | P4 | HIGH | CVSS 7.1 | fixed in firefox 143.0-1 (sid) | 2025
CVE-2025-10527 [HIGH] firefox - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. Scope: local; sid: resolved (fixed in 143.0-1)
debian
CVE-2023-6209 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 120.0-1 (sid) | 2023
CVE-2023-6209 [MEDIUM] firefox - Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local; sid: resolved (fixed in 120.0-1)
debian
CVE-2020-26965 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 83.0-1 (sid) | 2020
CVE-2020-26965 [MEDIUM] firefox - Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility
debian
CVE-2023-6865 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 121.0-1 (sid) | 2023
CVE-2023-6865 [MEDIUM] firefox - `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. Scope: local; sid: resolved (fixed in 121.0-1)
debian
CVE-2025-3028 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 137.0-1 (sid) | 2025
CVE-2025-3028 [MEDIUM] firefox - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. Scope: local; sid: resolved (fixed in 137.0-1)
debian
CVE-2026-24868 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 147.0.2-1 (sid) | 2026
CVE-2026-24868 [MEDIUM] firefox - Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.0.2. Scope: local; sid: resolved (fixed in 147.0.2-1)
debian
CVE-2006-1737 | P4 | MEDIUM | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
CVE-2006-1737 [CRITICAL] firefox - Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.2-2)
debian
CVE-2006-3808 | P4 | MEDIUM | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
CVE-2006-3808 [HIGH] firefox - Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object. Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.5-1)
debian
CVE-2017-7771 | P4 | HIGH | CVSS 8.1 | fixed in firefox 54.0-1 (sid) | 2017
CVE-2017-7771 [HIGH] firefox - Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Scope: local; sid: resolved (fixed in 54.0-1)
debian