cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 61 of 78
CVE-2022-40960 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 105.0-1 (sid) | 2022
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local. sid: resolved (fixed in 105.0-1)
debian
CVE-2021-43540 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 95.0-1 (sid) | 2021
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1)
debian
CVE-2022-22760 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 97.0-1 (sid) | 2022
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local. sid: resolved (fixed in 97.0-1)
debian
CVE-2023-25742 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 110.0-1 (sid) | 2023
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Scope: local. sid: resolved (fixed in 110.0-1)
debian
CVE-2022-22747 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 96.0-1 (sid) | 2022
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local. sid: resolved (fixed in 96.0-1)
debian
CVE-2022-26385 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 98.0-1 (sid) | 2022
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98. Scope: local. sid: resolved (fixed in 98.0-1)
debian
CVE-2023-28160 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 111.0-1 (sid) | 2023
When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111. Scope: local. sid: resolved (fixed in 111.0-1)
debian
CVE-2023-29544 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 112.0-1 (sid) | 2023
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Scope: local. sid: resolved (fixed in 112.0-1)
debian
CVE-2025-1934 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 136.0-1 (sid) | 2025
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. Scope: local. sid: resolved (fixed in 136.0-1)
debian
CVE-2023-37205 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 115.0-1 (sid) | 2023
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. Scope: local. sid: resolved (fixed in 115.0-1)
debian
CVE-2024-0754 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 122.0-1 (sid) | 2024
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. Scope: local. sid: resolved (fixed in 122.0-1)
debian
CVE-2022-38475 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 104.0-1 (sid) | 2022
An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104. Scope: local. sid: resolved (fixed in 104.0-1)
debian
CVE-2024-3855 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 125.0.1-1 (sid) | 2024
In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125. Scope: local. sid: resolved (fixed in 125.0.1-1)
debian
CVE-2024-10941 | P4 | MEDIUM | CVSS 6.5 | fixed in firefox 126.0-1 (sid) | 2024
A malicious website could have included an iframe with a malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126. Scope: local. sid: resolved (fixed in 126.0-1)
debian
CVE-2020-26958 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 83.0-1 (sid) | 2020
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local. sid: resolved (fixed in 83.0
debian
CVE-2020-26978 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 84.0-1 (sid) | 2020
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Scope: local. sid: resolved (fixed in 84.0-1)
debian
CVE-2006-0293 | P4 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. Scope: local. sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
debian
CVE-2024-1551 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 123.0-1 (sid) | 2024
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <
debian
CVE-2023-6867 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 121.0-1 (sid) | 2023
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. Scope: local. sid: res
debian
CVE-2024-1550 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 123.0-1 (sid) | 2024
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Scope: loc
debian