cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 69 of 78
CVE-2025-3035 | P4 | MEDIUM | CVSS 5.3 | fixed in firefox 137.0-1 (sid) | 2025
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137. Scope: local sid: resolved (fixed in 137.0-1)
debian
CVE-2025-0243 | P4 | MEDIUM | CVSS 5.1 | fixed in firefox 134.0-1 (sid) | 2025
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. S
debian
CVE-2016-9077 | P4 | HIGH | CVSS 7.0 | fixed in firefox 50.0-1 (sid) | 2016
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. Scope: local sid: resolved (fixed in 50.0-1)
debian
CVE-2017-5466 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 52.0.1-1 (sid) | 2017
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: re
debian
CVE-2019-11744 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 69.0-1 (sid) | 2019
Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for ot
debian
CVE-2016-2833 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 47.0-1 (sid) | 2016
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. Scope: local sid: resolved (fixed in 47.0-1)
debian
CVE-2006-0297 | P4 | MEDIUM | CVSS 5.1 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. Scope: local sid: resolved (fixed in 1.5.dfsg+1.
debian
CVE-2017-7840 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 57.0-1 (sid) | 2017
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to
debian
CVE-2019-11724 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 68.0-1 (sid) | 2019
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. Scope: local sid: resolved (fixed in 68.0-1)
debian
CVE-2019-17001 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 70.0-1 (sid) | 2019
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000. Note: This flaw only affected Firefox 69 and was not present in earlier versions. This vulnerability affects Firefox < 70. Scope: local sid: resolved (fi
debian
CVE-2020-26962 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 83.0-1 (sid) | 2020
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83. Scope: local sid: resolved (fixed in 83.0-1)
debian
CVE-2019-11701 | P4 | MEDIUM | CVSS 6.1 | fixed in firefox 67.0-2 (sid) | 2019
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected. This vulnerability affects Firefox < 67. Scope: local sid: resolved (fi
debian
CVE-2017-7823 | P4 | MEDIUM | CVSS 5.4 | fixed in firefox 56.0-1 (sid) | 2017
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Scope: lo
debian
CVE-2017-7837 | P4 | MEDIUM | CVSS 5.3 | fixed in firefox 57.0-1 (sid) | 2017
SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. Scope: local sid: resolved (fixed in 57.0-1)
debian
CVE-2018-5140 | P4 | MEDIUM | CVSS 5.3 | fixed in firefox 59.0-1 (sid) | 2018
Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59. Scope: local sid: resolved (fixed in 59.0-1)
debian
CVE-2017-5418 | P4 | MEDIUM | CVSS 5.3 | fixed in firefox 52.0-1 (sid) | 2017
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52. Scope: local sid: resolved (fixed in 52.0-1)
debian
CVE-2024-11703 | P4 | MEDIUM | CVSS 5.7 | fixed in firefox 134.0-1 (sid) | 2024
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. Scope: local sid: resolved (fixed in 134.0-1)
debian
CVE-2017-5417 | P4 | MEDIUM | CVSS 5.3 | fixed in firefox 52.0-1 (sid) | 2017
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52. Scope: local sid: resolved (fixed in 52.0-1)
debian
CVE-2019-9797 | P4 | MEDIUM | CVSS 5.3 | fixed in firefox 66.0-1 (sid) | 2019
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. Scope: local sid: resolved (fixed in 66.0-1)
debian
CVE-2018-12383 | P4 | MEDIUM | CVSS 5.5 | fixed in firefox 62.0-1 (sid) | 2018
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored p
debian