cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 76 of 78
CVE-2026-2802 | P4 | MEDIUM | CVSS 4.2 | fixed in firefox 148.0-1 (sid) | 2026 | debian
[MEDIUM] firefox - Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. Scope: local; sid: resolved (fixed in 148.0-1)
CVE-2006-1942 | P4 | LOW | CVSS 5.1 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006 | debian
[MEDIUM] firefox - Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma
CVE-2016-5250 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 48.0-1 (sid) | 2016 | debian
[MEDIUM] firefox - Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. Scope: local; sid: resolved (fixed in 48.0-1)
CVE-2016-1957 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2016 | debian
[MEDIUM] firefox - Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2006-4340 | P4 | HIGH | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.7-1 (sid) | 2006 | debian
[MEDIUM] firefox - Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE
CVE-2016-5279 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 49.0-1 (sid) | 2016 | debian
[MEDIUM] firefox - Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. Scope: local; sid: resolved (fixed in 49.0-1)
CVE-2018-12358 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 61.0-1 (sid) | 2018 | debian
[MEDIUM] firefox - Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61. Scope: local; sid: resolved (fixed in 61.0-1)
CVE-2016-5268 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 48.0-1 (sid) | 2016 | debian
[MEDIUM] firefox - Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring. Scope: local; sid: resolved (fixed in 48.0-1)
CVE-2021-23968 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 86.0-1 (sid) | 2021 | debian
[MEDIUM] firefox - If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. Scope: local; sid: resolv
CVE-2020-6810 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 74.0-1 (sid) | 2020 | debian
[MEDIUM] firefox - After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74
CVE-2020-26963 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 83.0-1 (sid) | 2020 | debian
[MEDIUM] firefox - Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83. Scope: local; sid: resolved (fixed in 83.0-1)
CVE-2020-15665 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 80.0-1 (sid) | 2020 | debian
[MEDIUM] firefox - Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80. Scope: local; sid: resolved (fixed in 80.0-1)
CVE-2021-24001 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 88.0-1 (sid) | 2021 | debian
[MEDIUM] firefox - A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. Scope: local; sid: resolved (fixed in 88.0-1)
CVE-2022-45417 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 107.0-1 (sid) | 2022 | debian
[MEDIUM] firefox - Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.
CVE-2022-31745 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 101.0-1 (sid) | 2022 | debian
[MEDIUM] firefox - If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. Scope: local; sid: resolved (fixed in 101.0-1)
CVE-2021-43531 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021 | debian
[MEDIUM] firefox - When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This
CVE-2006-5464 | P4 | LOW | CVSS 5.0 | fixed in firefox 45.0-1 (sid) | 2006 | debian
[MEDIUM] firefox - Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors. Scope: local; sid: resolved (fixed in 45.0-1)
CVE-2025-0240 | P4 | MEDIUM | CVSS 4.0 | fixed in firefox 134.0-1 (sid) | 2025 | debian
[MEDIUM] firefox - Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Scope: local; sid: resolved (fixed in 134.0-1)
CVE-2024-2606 | P4 | LOW | CVSS 3.7 | fixed in firefox 124.0-1 (sid) | 2024 | debian
[LOW] firefox - Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. Scope: local; sid: resolved (fixed in 124.0-1)
CVE-2006-6499 | P4 | HIGH | CVSS 4.3 | fixed in firefox 45.0-1 (sid) | 2006 | debian
[MEDIUM] firefox - The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision. Scope: local; sid: resolved (fixed in 45.0-1)