Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333 | HIGH 633 | MEDIUM 542 | LOW 42
Vulnerabilities
Page 75 of 78
CVE-2017-5451 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 52.0.1-1 (sid) | 2017
A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Scope: local
sid: re
debian
CVE-2016-2830 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 48.0-1 (sid) | 2016
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.
Scope: local
sid: resolved (fixed in 48.0-1)
debian
CVE-2018-5167 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 60.0-1 (sid) | 2018
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by mal
debian
CVE-2020-12399 | P4 | MEDIUM | CVSS 4.4 | fixed in firefox 77.0-1 (sid) | 2020
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Scope: local
sid: resolved (fixed in 77.0-1)
debian
CVE-2021-29960 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 89.0-1 (sid) | 2021
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have led to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.
Scope: local
sid: resolved
debian
CVE-2021-29961 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 89.0-1 (sid) | 2021
When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.
Scope: local
sid: resolved (fixed in 89.0-1)
debian
CVE-2022-46877 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 108.0-1 (sid) | 2022
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
Scope: local
sid: resolved (fixed in 108.0-1)
debian
CVE-2019-11754 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 69.0.1-1 (sid) | 2019
When the pointer lock is enabled by a website through requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1.
Scope: local
sid: resolved (fixed in 69.0.1-1)
debian
CVE-2021-43533 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94.
Scope: local
sid: resolved (fixed in 94.0-1)
debian
CVE-2020-15668 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 80.0-1 (sid) | 2020
A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Scope: local
sid: resolved (fixed in 80.0-1)
debian
CVE-2023-6871 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 121.0-1 (sid) | 2023
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-25750 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 111.0-1 (sid) | 2023
Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.
Scope: local
sid: resolved (fixed in 111.0-1)
debian
CVE-2024-6608 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 128.0-1 (sid) | 2024
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)
debian
CVE-2024-6614 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 128.0-1 (sid) | 2024
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)
debian
CVE-2025-1019 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 135.0-1 (sid) | 2025
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
Scope: local
sid: resolved (fixed in 135.0-1)
debian
CVE-2024-6610 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 128.0-1 (sid) | 2024
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)
debian
CVE-2024-0749 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 122.0-1 (sid) | 2024
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.
Scope: local
sid: resolved (fixed in 122.0-1)
debian
CVE-2025-1935 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 136.0-1 (sid) | 2025
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Scope: local
sid: resolved (fixed in 136.0-1)
debian
CVE-2025-5266 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 139.0-1 (sid) | 2025
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Scope: local
sid: resolved (fixed in 139.0-1)
debian
CVE-2025-5263 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 139.0-1 (sid) | 2025
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Scope: local
sid: resolved (fixed in 139.0-1)
debian