Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
Page 7 of 78
CVE-2025-13023 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 145.0-1 (sid) | 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.
Scope: local
sid: resolved (fixed in 145.0-1)

CVE-2025-13026 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 145.0-1 (sid) | 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.
Scope: local
sid: resolved (fixed in 145.0-1)

CVE-2026-2792 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140

CVE-2026-5735 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 149.0.2-1 (sid) | 2026
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2 and Thunderbird < 149.0.2.
Scope: local
sid: resolved (fixed in 149.0.2-1)

CVE-2026-2807 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Scope: local
sid: resolved (fixed in 148.0-1)

CVE-2017-5461 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
Scope: local
sid: resolved (fixed in 52.0.1-1)

CVE-2024-2614 | P3 | HIGH | CVSS 8.8 | fixed in firefox 124.0-1 (sid) | 2024
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Scope: local
sid: resolved (fixed in 12

CVE-2024-11697 | P3 | HIGH | CVSS 8.8 | fixed in firefox 133.0-1 (sid) | 2024
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Scope: local
sid: resolved (fixed in 133.0-1)

CVE-2025-10533 | P3 | HIGH | CVSS 8.8 | fixed in firefox 143.0-1 (sid) | 2025
Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Scope: local
sid: resolved (fixed in 143.0-1)

CVE-2018-18498 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 64.0-1 (sid) | 2018
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Scope: local
sid: resolved (fixed in 64.0-1)

CVE-2025-8034 | P3 | HIGH | CVSS 8.8 | fixed in firefox 141.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, F

CVE-2025-8035 | P3 | HIGH | CVSS 8.8 | fixed in firefox 141.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13,

CVE-2025-10537 | P3 | HIGH | CVSS 8.8 | fixed in firefox 143.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3

CVE-2025-11714 | P3 | HIGH | CVSS 8.8 | fixed in firefox 144.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4,

CVE-2025-11715 | P3 | HIGH | CVSS 8.8 | fixed in firefox 144.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4

CVE-2018-5146 | P3 | HIGH | CVSS 8.8 | fixed in firefox 59.0.1-1 (sid) | 2018
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
Scope: local
sid: resolved (fixed in 59.0.1-1)

CVE-2017-5456 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 52.0.1-1 (sid) | 2017
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
Scope: local
sid: resolved (fixed in 52.0.1-1)

CVE-2025-14333 | P3 | HIGH | CVSS 8.1 | fixed in firefox 146.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6

CVE-2017-5391 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 51.0-1 (sid) | 2017
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51.
Scope: local
sid: resolved (fixed in 51.0-1)

CVE-2016-1950 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
Scope: local
sid: resolved (fixed in 45.0-1)