cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 55 of 78
CVE-2024-7526 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 129.0-1 (sid) | 2024
CVE-2024-7526 [MEDIUM]: firefox - ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Scope: local. sid: resolved (fixed in 129.0-1)

CVE-2023-4573 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 117.0-1 (sid) | 2023
CVE-2023-4573 [MEDIUM]: firefox - When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Scope: local. sid: resolved (fixed in 117.0-1)

CVE-2023-32210 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 113.0-1 (sid) | 2023
CVE-2023-32210 [MEDIUM]: firefox - Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. Scope: local. sid: resolved (fixed in 113.0-1)

CVE-2024-7518 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 129.0-1 (sid) | 2024
CVE-2024-7518 [MEDIUM]: firefox - Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. Scope: local. sid: resolved (fixed in 129.0-1)

CVE-2023-37204 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 115.0-1 (sid) | 2023
CVE-2023-37204 [MEDIUM]: firefox - A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Scope: local. sid: resolved (fixed in 115.0-1)

CVE-2022-38472 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 104.0-1 (sid) | 2022
CVE-2022-38472 [MEDIUM]: firefox - An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Fir

CVE-2025-8033 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 141.0-1 (sid) | 2025
CVE-2025-8033 [MEDIUM]: firefox - The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. Scope: local. sid: resolved (fixed in 141.0-1)

CVE-2016-5288 | P4 | MEDIUM | CVSS 5.9 | fixed in firefox 50.0-1 (sid) | 2016
CVE-2016-5288 [MEDIUM]: firefox - Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2. Scope: local. sid: resolved (fixed in 50.0-1)

CVE-2022-34471 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 102.0-1 (sid) | 2022
CVE-2022-34471 [MEDIUM]: firefox - When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. Scope: local. sid: resolved (fixed in 102.0

CVE-2026-4728 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 149.0-1 (sid) | 2026
CVE-2026-4728 [MEDIUM]: firefox - Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149 and Thunderbird < 149. Scope: local. sid: resolved (fixed in 149.0-1)

CVE-2025-9183 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 142.0-1 (sid) | 2025
CVE-2025-9183 [MEDIUM]: firefox - Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2. Scope: local. sid: resolved (fixed in 142.0-1)

CVE-2025-11718 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 144.0-1 (sid) | 2025
CVE-2025-11718 [MEDIUM]: firefox - When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability affects Firefox < 144. Scope: local. sid: resolved (fixed in 144.0-1)

CVE-2019-9793 | P4 | MEDIUM | CVSS 5.9 | fixed in firefox 66.0-1 (sid) | 2019
CVE-2019-9793 [MEDIUM]: firefox - A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disa

CVE-2017-5384 | P4 | MEDIUM | CVSS 5.9 | fixed in firefox 51.0-1 (sid) | 2017
CVE-2017-5384 [MEDIUM]: firefox - Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (

CVE-2006-3809 | P4 | MEDIUM | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
CVE-2006-3809 [HIGH]: firefox - Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context. Scope: local. sid: resolved (fixed in 1.5.dfsg+1.5.0.5-1)

CVE-2016-1967 | P4 | MEDIUM | CVSS 5.0 | fixed in firefox 45.0-1 (sid) | 2016
CVE-2016-1967 [MEDIUM]: firefox - Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because

CVE-2018-12366 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 61.0-1 (sid) | 2018
CVE-2018-12366 [MEDIUM]: firefox - An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Scope: local. sid: resolved (fixed in 61.0-1)

CVE-2017-7830 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 57.0-1 (sid) | 2017
CVE-2017-7830 [MEDIUM]: firefox - The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. Scope: local. sid: resolved (fixed in 57.0-1)

CVE-2019-11742 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 69.0-1 (sid) | 2019
CVE-2019-11742 [MEDIUM]: firefox - A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firef

CVE-2021-43536 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 95.0-1 (sid) | 2021
CVE-2021-43536 [MEDIUM]: firefox - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1)