
Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 72 of 78
CVE-2016-2820 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 46.0-1 (sid) | 2016
[MEDIUM] firefox - The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. Scope: local. sid: resolved (fixed in 46.0-1)
debian
CVE-2020-35111 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 84.0-1 (sid) | 2020
[MEDIUM] firefox - When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Scope: local. sid: r
debian
CVE-2024-1548 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 123.0-1 (sid) | 2024
[MEDIUM] firefox - A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Scope: local. sid: resolved (fixed in 123.0-1)
debian
CVE-2023-5725 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 119.0-1 (sid) | 2023
[MEDIUM] firefox - A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local. sid: resolved (fixed in 119.0-1)
debian
CVE-2024-5690 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 127.0-1 (sid) | 2024
[MEDIUM] firefox - By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Scope: local. sid: resolved (fixed in 127.0-1)
debian
CVE-2024-11692 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 133.0-1 (sid) | 2024
[MEDIUM] firefox - An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Scope: local. sid: resolved (fixed in 133.0-1)
debian
CVE-2006-1738 | P4 | MEDIUM | CVSS 5.0 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
[MEDIUM] firefox - Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. Scope: local. sid: resolved (fixed in 1.5.dfsg+1.5.0.2-2)
debian
CVE-2006-4566 | P4 | HIGH | CVSS 5.0 | fixed in firefox 1.5.dfsg+1.5.0.7-1 (sid) | 2006
[MEDIUM] firefox - Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read. Scope: local. sid: resolved (fixed in 1.5.dfsg+1.5.0.7-1)
debian
CVE-2006-1741 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
[MEDIUM] firefox - Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__
debian
CVE-2020-16012 | P4 | MEDIUM | CVSS 4.3 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
[MEDIUM] chromium - Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 87.0.4280.88-0.1); bullseye: resolved (fixed in 87.0.4280.88-0.1); forky: resolved (fixed in 87.0.4280.88-0.1); sid: resolved (fixed in 87.0.4280.88-0.1); trixie: res
debian
CVE-2016-1965 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2016
[MEDIUM] firefox - Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. Scope: local. sid: resolved (fixed in 45.0-1)
debian
CVE-2021-38508 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
[MEDIUM] firefox - By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local. sid: res
debian
CVE-2021-38506 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
[MEDIUM] firefox - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local. sid: resolved (fixed in 94.0-1)
debian
CVE-2018-12399 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 63.0-1 (sid) | 2018
[MEDIUM] firefox - When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63. Scope: local. sid: resolved (fixed in 63.0-1)
debian
CVE-2020-26953 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 83.0-1 (sid) | 2020
[MEDIUM] firefox - It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Scope: local. sid: resolved (fixed in 83.0-1)
debian
CVE-2006-0299 | P4 | MEDIUM | CVSS 6.4 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
[MEDIUM] firefox - The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. Scope: local. sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
debian
CVE-2021-43538 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 95.0-1 (sid) | 2021
[MEDIUM] firefox - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1)
debian
CVE-2019-11749 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 69.0-1 (sid) | 2019
[MEDIUM] firefox - A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Scope: local s
debian
CVE-2023-5721 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 119.0-1 (sid) | 2023
[MEDIUM] firefox - It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local. sid: resolved (fixed in 119.0-1)
debian
CVE-2022-22743 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 96.0-1 (sid) | 2022
[MEDIUM] firefox - When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local. sid: resolved (fixed in 96.0-1)
debian