
Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 77 of 78
CVE-2017-5453 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 52.0.1-1 (sid) | 2017
CVE-2017-5453 [MEDIUM] firefox: A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53. Scope: local; sid: resolved (fixed in 52.0.1-1)
CVE-2019-17002 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 70.0-1 (sid) | 2019
CVE-2019-17002 [MEDIUM] firefox: If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70. Scope: local; sid: resolved (fixed in 70.0-1)
CVE-2006-0298 | P4 | MEDIUM | CVSS 5.8 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
CVE-2006-0298 [MEDIUM] firefox: The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
CVE-2024-3861 | P4 | MEDIUM | CVSS 4.0 | fixed in firefox 125.0.1-1 (sid) | 2024
CVE-2024-3861 [MEDIUM] firefox: If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Scope: local; sid: resolved (fixed in 125.0.1-1)
CVE-2006-4568 | P4 | LOW | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.7-1 (sid) | 2006
CVE-2006-4568 [MEDIUM] firefox: Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.7-1)
CVE-2019-11743 | P4 | LOW | CVSS 3.7 | fixed in firefox 69.0-1 (sid) | 2019
CVE-2019-11743 [LOW] firefox: Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69,
CVE-2025-0239 | P4 | MEDIUM | CVSS 4.0 | fixed in firefox 134.0-1 (sid) | 2025
CVE-2025-0239 [MEDIUM] firefox: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Scope: local; sid: resolved (fixed in 134.0-1)
CVE-2024-3302 | P4 | LOW | CVSS 3.7 | fixed in firefox 125.0.1-1 (sid) | 2024
CVE-2024-3302 [LOW] firefox: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Scope: local; sid: resolved (fixed in 125.0.1-1)
CVE-2006-1725 | P4 | LOW | CVSS 2.6 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
CVE-2006-1725 [LOW] firefox: Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code. Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)
CVE-2006-1732 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
CVE-2006-1732 [MEDIUM] firefox: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. Scope: local; sid: resolved (fixed in 1.5.dfsg
CVE-2006-1731 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
CVE-2006-1731 [MEDIUM] firefox: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Scope: local; sid
CVE-2006-2785 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
CVE-2006-2785 [MEDIUM] firefox: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascri
CVE-2025-13015 | P4 | LOW | CVSS 3.4 | fixed in firefox 145.0-1 (sid) | 2025
CVE-2025-13015 [LOW] firefox: Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. Scope: local; sid: resolved (fixed in 145.0-1)
CVE-2006-2783 | P4 | MEDIUM | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
CVE-2006-2783 [MEDIUM] firefox: Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT. Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.4-1)
CVE-2006-3812 | P4 | MEDIUM | CVSS 2.6 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
CVE-2006-3812 [LOW] firefox: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.5-1)
CVE-2006-1736 | P4 | LOW | CVSS 2.6 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
CVE-2006-1736 [LOW] firefox: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." opt
CVE-2022-42931 | P4 | LOW | CVSS 3.3 | fixed in firefox 106.0-1 (sid) | 2022
CVE-2022-42931 [LOW] firefox: Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106. Scope: local; sid: resolved (fixed in 106.0-1)
CVE-2006-1740 | P4 | LOW | CVSS 2.6 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
CVE-2006-1740 [LOW] firefox: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.2-2)
CVE-2021-24000 | P4 | LOW | CVSS 3.1 | fixed in firefox 88.0-1 (sid) | 2021
CVE-2021-24000 [LOW] firefox: A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as ) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This
CVE-2006-4567 | P4 | LOW | CVSS 2.6 | fixed in firefox 1.5.dfsg+1.5.0.7-1 (sid) | 2006
CVE-2006-4567 [LOW] firefox: Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arb