Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
Page 74 of 78
CVE-2019-9807 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 66.0-1 (sid) | 2019
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66.
Scope: local
sid: resolved (fixed in 66.0-1)
debian
CVE-2020-12412 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 70.0-1 (sid) | 2020
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.
Scope: local
sid: resolved (fixed in 70.0-1)
debian
CVE-2023-6135 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 121.0-1 (sid) | 2023
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2021-23963 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 85.0-1 (sid) | 2021
When sharing geolocation during an active WebRTC share, Firefox could have reset the WebRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.
Scope: local
sid: resolved (fixed in 85.0-1)
debian
CVE-2022-26383 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 98.0-1 (sid) | 2022
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
Scope: local
sid: resolved (fixed in 98.0-1)
debian
CVE-2023-32212 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 113.0-1 (sid) | 2023
An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local
sid: resolved (fixed in 113.0-1)
debian
CVE-2023-32205 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 113.0-1 (sid) | 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local
sid: resolved (fixed in 113.0-1)
debian
CVE-2023-5729 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 119.0-1 (sid) | 2023
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.
Scope: local
sid: resolved (fixed in 119.0-1)
debian
CVE-2023-29533 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 112.0-1 (sid) | 2023
A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird
debian
CVE-2022-26382 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 98.0-1 (sid) | 2022
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have led to this text being inferred by the webpage. This vulnerability affects Firefox < 98.
Scope: local
sid: resolved (fixed in 98.0-1)
debian
CVE-2024-11701 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 133.0-1 (sid) | 2024
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Scope: local
sid: resolved (fixed in 133.0-1)
debian
CVE-2024-5689 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 127.0-1 (sid) | 2024
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127.
Scope: local
sid: resolved (fixed in 127.0-1)
debian
CVE-2023-29538 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 112.0-1 (sid) | 2023
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Scope: local
sid: resolved (fixed in 112.0-1)
debian
CVE-2024-5697 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 127.0-1 (sid) | 2024
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
Scope: local
sid: resolved (fixed in 127.0-1)
debian
CVE-2026-0887 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 147.0-1 (sid) | 2026
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2022-29915 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 100.0-1 (sid) | 2022
The Performance API did not properly hide whether a request for a cross-origin resource had observed redirects. This vulnerability affects Firefox < 100.
Scope: local
sid: resolved (fixed in 100.0-1)
debian
CVE-2022-36315 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 103.0-1 (sid) | 2022
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103.
Scope: local
sid: resolved (fixed in 103.0-1)
debian
CVE-2006-3802 | P4 | MEDIUM | CVSS 5.8 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.5-1)
debian
CVE-2016-1955 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2016
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
CVE-2018-18511 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 65.0.1-1 (sid) | 2018
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected. This vulnerability affects Firefox < 65.0.1.
Scope: local
sid: resolved (fixed in 65.0.1-1)
debian