cbcvebase.

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs
1,550
CISA KEV
11
actively exploited
Public exploits
39
Exploited in wild
20
Severity breakdown
CRITICAL333HIGH633MEDIUM542LOW42

Vulnerabilities

Page 6 of 78
CVE-2026-2764P3CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026
CVE-2026-2764 [CRITICAL] CVE-2026-2764: firefox - JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This... JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)
debian
CVE-2026-4721P3CRITICALCVSS 9.8fixed in firefox 149.0-1 (sid)2026
CVE-2026-4721 [CRITICAL] CVE-2026-4721: firefox - Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird... Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9
debian
CVE-2025-14330P3CRITICALCVSS 9.8fixed in firefox 146.0-1 (sid)2025
CVE-2025-14330 [CRITICAL] CVE-2025-14330: firefox - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability a... JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Scope: local sid: resolved (fixed in 146.0-1)
debian
CVE-2026-4705P3CRITICALCVSS 9.8fixed in firefox 149.0-1 (sid)2026
CVE-2026-4705 [CRITICAL] CVE-2026-4705: firefox - Undefined behavior in the WebRTC: Signaling component. This vulnerability affect... Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)
debian
CVE-2026-2788P3CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026
CVE-2026-2788 [CRITICAL] CVE-2026-2788: firefox - Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerabil... Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)
debian
CVE-2026-4710P3CRITICALCVSS 9.8fixed in firefox 149.0-1 (sid)2026
CVE-2026-4710 [CRITICAL] CVE-2026-4710: firefox - Incorrect boundary conditions in the Audio/Video component. This vulnerability a... Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)
debian
CVE-2026-2787P3CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026
CVE-2026-2787 [CRITICAL] CVE-2026-2787: firefox - Use-after-free in the DOM: Window and Location component. This vulnerability aff... Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2759P3CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026
CVE-2026-2759 [CRITICAL] CVE-2026-2759: firefox - Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerab... Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2793P3CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026
CVE-2026-2793 [CRITICAL] CVE-2026-2793: firefox - Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird... Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8
debian
CVE-2025-6427P3CRITICALCVSS 9.1fixed in firefox 140.0-1 (sid)2025
CVE-2025-6427 [CRITICAL] CVE-2025-6427: firefox - An attacker was able to bypass the `connect-src` directive of a Content Security... An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140. Scope: local sid: resolved (fixed in 140.0-1)
debian
CVE-2024-29944P3HIGHCVSS 8.4fixed in firefox 124.0.1-1 (sid)2024
CVE-2024-29944 [HIGH] CVE-2024-29944: firefox - An attacker was able to inject an event handler into a privileged object that wo... An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. Scope: local sid: resolved (fixed in 124.0.1-1)
debian
CVE-2018-18500P3CRITICALCVSS 9.8fixed in firefox 65.0-1 (sid)2018
CVE-2018-18500 [CRITICAL] CVE-2018-18500: firefox - A use-after-free vulnerability can occur while parsing an HTML5 stream in concer... A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Scope: local sid: resolved (fixed in 65.0-1)
debian
CVE-2024-8385P3CRITICALCVSS 9.8fixed in firefox 130.0-1 (sid)2024
CVE-2024-8385 [CRITICAL] CVE-2024-8385: firefox - A difference in the handling of StructFields and ArrayTypes in WASM could be use... A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. Scope: local sid: resolved (fixed in 130.0-1)
debian
CVE-2026-0879P3CRITICALCVSS 9.8fixed in firefox 147.0-1 (sid)2026
CVE-2026-0879 [CRITICAL] CVE-2026-0879: firefox - Sandbox escape due to incorrect boundary conditions in the Graphics component. T... Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. Scope: local sid: resolved (fixed in 147.0-1)
debian
CVE-2026-2772P3CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026
CVE-2026-2772 [CRITICAL] CVE-2026-2772: firefox - Use-after-free in the Audio/Video: Playback component. This vulnerability affect... Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)
debian
CVE-2025-11708P3CRITICALCVSS 9.8fixed in firefox 144.0-1 (sid)2025
CVE-2025-11708 [CRITICAL] CVE-2025-11708: firefox - Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects ... Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Scope: local sid: resolved (fixed in 144.0-1)
debian
CVE-2026-4720P3CRITICALCVSS 9.8fixed in firefox 149.0-1 (sid)2026
CVE-2026-4720 [CRITICAL] CVE-2026-4720: firefox - Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox ... Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140
debian
CVE-2026-2767P3CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026
CVE-2026-2767 [CRITICAL] CVE-2026-2767: firefox - Use-after-free in the JavaScript: WebAssembly component. This vulnerability affe... Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2777P3CRITICALCVSS 9.8fixed in firefox 148.0-1 (sid)2026
CVE-2026-2777 [CRITICAL] CVE-2026-2777: firefox - Privilege escalation in the Messaging System component. This vulnerability affec... Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)
debian
CVE-2026-5734P3CRITICALCVSS 9.8fixed in firefox 149.0.2-1 (sid)2026
CVE-2026-5734 [CRITICAL] CVE-2026-5734: firefox - Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Fire... Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2,
debian