Debian Firefox vulnerabilities
1,550 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,550
CISA KEV: 11 actively exploited
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42
Vulnerabilities
CVE-2025-1009 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 135.0-1 (sid) | 2025
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Scope: local
sid: resolved (fixed in 135.0-1)
CVE-2026-2796 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Scope: local
sid: resolved (fixed in 148.0-1)
CVE-2025-49709 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 139.0.4-1 (sid) | 2025
Certain canvas operations could have led to memory corruption. This vulnerability affects Firefox < 139.0.4.
Scope: local
sid: resolved (fixed in 139.0.4-1)
CVE-2025-9179 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 142.0-1 (sid) | 2025
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and T
CVE-2026-2771 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local
sid: resolved (fixed in 148.0-1)
CVE-2026-0892 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 147.0-1 (sid) | 2026
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147 and Thunderbird < 147.
Scope: local
sid: resolved (fixed in 147.0-1)
CVE-2024-1554 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 123.0-1 (sid) | 2024
The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user wou
CVE-2025-8043 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 141.0-1 (sid) | 2025
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141.
Scope: local
sid: resolved (fixed in 141.0-1)
CVE-2026-2785 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Scope: local
sid: resolved (fixed in 148.0-1)
CVE-2025-11721 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 144.0-1 (sid) | 2025
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144.
Scope: local
sid: resolved (fixed in 144.0-1)
CVE-2026-4729 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 149.0-1 (sid) | 2026
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Scope: local
sid: resolved (fixed in 149.0-1)
CVE-2026-2799 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Scope: local
sid: resolved (fixed in 148.0-1)
CVE-2016-5280 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 49.0-1 (sid) | 2016
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
Scope: local
sid: resolved (fixed in 49.0-1)
CVE-2025-6436 | P3 | HIGH | CVSS 8.1 | fixed in firefox 140.0-1 (sid) | 2025
Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 140 and Thunderbird < 140.
Scope: local
sid: resolved (fixed in 140.0-1)
CVE-2024-3854 | P3 | HIGH | CVSS 8.8 | fixed in firefox 125.0.1-1 (sid) | 2024
In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Scope: local
sid: resolved (fixed in 125.0.1-1)
CVE-2022-46872 | P3 | HIGH | CVSS 8.6 | fixed in firefox 108.0-1 (sid) | 2022
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.* This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
Scope: local
sid: resolved (fixed in 108.0-1)
CVE-2018-18492 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 64.0-1 (sid) | 2018
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Scope: local
sid: resolved (fixed in 64.0-1)
CVE-2018-12407 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 64.0-1 (sid) | 2018
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64.
Scope: local
sid: resolved (fixed in 64.0-1)
CVE-2018-5093 | P3 | HIGH | CVSS 7.5 | fixed in firefox 58.0-1 (sid) | 2018
A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)
CVE-2025-9185 | P3 | HIGH | CVSS 8.1 | fixed in firefox 142.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, F