Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
CVE-2020-16042 | P4 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88
CVE-2023-6205 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 120.0-1 (sid) | 2023
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local
sid: resolved (fixed in 120.0-1)
CVE-2019-11697 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 67.0-2 (sid) | 2019
If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vul
CVE-2022-22742 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 96.0-1 (sid) | 2022
When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local
sid: resolved (fixed in 96.0-1)
CVE-2023-29535 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 112.0-1 (sid) | 2023
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Scope: local
sid: resolved (fixed in 112.0
CVE-2024-0746 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 122.0-1 (sid) | 2024
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Scope: local
sid: resolved (fixed in 122.0-1)
CVE-2021-23996 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 88.0-1 (sid) | 2021
By utilizing 3D CSS in conjunction with JavaScript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
CVE-2023-32206 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 113.0-1 (sid) | 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local
sid: resolved (fixed in 113.0-1)
CVE-2022-45403 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Scope: local
sid: resolved (fixed
CVE-2023-6210 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 120.0-1 (sid) | 2023
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox < 120.
Scope: local
sid: resolved (fixed in 120.0-1)
CVE-2021-23998 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 88.0-1 (sid) | 2021
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
CVE-2021-38497 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 93.0-1 (sid) | 2021
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Scope: local
sid: resolved (fixed in 93.0-1)
CVE-2020-15682 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 82.0-1 (sid) | 2020
When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be i
CVE-2024-11706 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 134.0-1 (sid) | 2024
A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Scope: local
sid: resolved (fixed in 134.0-1)
CVE-2023-29547 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 112.0-1 (sid) | 2023
When a secure cookie existed in the Firefox cookie jar, an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Scope: local
CVE-2022-31743 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 101.0-1 (sid) | 2022
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101.
Scope: local
sid: resolved (fixed in 101.0-1)
CVE-2022-45419 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107.
Scope: local
sid: resolved (fixed in 107.0-1)
CVE-2023-23601 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 109.0-1 (sid) | 2023
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
Scope: local
sid: resolved (fixed in 109.0-1)
CVE-2016-9076 | P4 | MEDIUM | CVSS 5.9 | fixed in firefox 50.0-1 (sid) | 2016
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.
Scope: local
sid: resolved (fixed in 50.0-1)
CVE-2024-9936 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 131.0.3-1 (sid) | 2024
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.
Scope: local
sid: resolved (fixed in 131.0.3-1)