Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
Page 78 of 78
CVE-2006-2786 | P4 | MEDIUM | CVSS 2.6 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
CVE-2006-2786 [LOW] CVE-2006-2786: firefox - HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before ...
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in so
debian
CVE-2023-4579 | P4 | LOW | CVSS 3.1 | fixed in firefox 117.0-1 (sid) | 2023
CVE-2023-4579 [LOW] CVE-2023-4579: firefox - Search queries in the default search engine could appear to have been the curren...
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.
Scope: local
sid: resolved (fixed in 117.0-1)
debian
CVE-2023-34414 | P4 | LOW | CVSS 3.1 | fixed in firefox 114.0-1 (sid) | 2023
CVE-2023-34414 [LOW] CVE-2023-34414: firefox - The error page for sites with invalid TLS certificates was missing the activatio...
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the s
debian
CVE-2020-12394 | P4 | LOW | CVSS 3.3 | fixed in firefox 76.0-1 (sid) | 2020
CVE-2020-12394 [LOW] CVE-2020-12394: firefox - A logic flaw in our location bar implementation could have allowed a local attac...
A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.
Scope: local
sid: resolved (fixed in 76.0-1)
debian
CVE-2020-6824 | P4 | LOW | CVSS 2.8 | fixed in firefox 75.0-1 (sid) | 2020
CVE-2020-6824 [LOW] CVE-2020-6824: firefox - Initially, a user opens a Private Browsing Window and generates a password for a...
Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability
debian
CVE-2017-5387 | P4 | LOW | CVSS 3.3 | fixed in firefox 51.0-1 (sid) | 2017
CVE-2017-5387 [LOW] CVE-2017-5387: firefox - The existence of a specifically requested local file can be found due to the dou...
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
Scope: local
sid: resolved (fixed in 51.0-1)
debian
CVE-2006-4569 | P4 | LOW | CVSS 2.6 | fixed in firefox 1.5.dfsg+1.5.0.7-1 (sid) | 2006
CVE-2006-4569 [LOW] CVE-2006-4569: firefox - The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" d...
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.7-1)
debian
CVE-2005-2353 | P4 | LOW | CVSS 2.1 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2005
CVE-2005-2353 [LOW] CVE-2005-2353: firefox - run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to cre...
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)
debian
CVE-2006-2332 | P4 | LOW | CVSS 2.6 | fixed in firefox 1.5.dfsg+1.5.0.3-2 (sid) | 2006
CVE-2006-2332 [LOW] CVE-2006-2332: firefox - Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via...
Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.3-2)
debian
CVE-2006-3731 | P4 | LOW | CVSS 2.6 | fixed in firefox 1.5.dfsg+1.5.0.6-1 (sid) | 2006
CVE-2006-3731 [LOW] CVE-2006-3731: firefox - Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cau...
Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.6-1)
debian