Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302

Vulnerabilities

Page 8 of 91
CVE-2025-14330 (CRITICAL, CVSS 9.8), fixed in firefox 146.0-1 (sid), 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Scope: local. sid: resolved (fixed in 146.0-1)

CVE-2025-8028 (CRITICAL, CVSS 9.8), fixed in firefox 141.0-1 (sid), 2025
On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. Scop

CVE-2025-1009 (CRITICAL, CVSS 9.8), fixed in firefox 135.0-1 (sid), 2025
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Scope: local. sid: resolved (fixed in 135.0-1)

CVE-2025-6424 (CRITICAL, CVSS 9.8), fixed in firefox 140.0-1 (sid), 2025
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. Scope: local. sid: resolved (fixed in 140.0-1)

CVE-2025-14860 (CRITICAL, CVSS 9.8), fixed in firefox 146.0.1-1 (sid), 2025
Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1. Scope: local. sid: resolved (fixed in 146.0.1-1)

CVE-2025-13023 (CRITICAL, CVSS 9.8), fixed in firefox 145.0-1 (sid), 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. Scope: local. sid: resolved (fixed in 145.0-1)

CVE-2025-11721 (CRITICAL, CVSS 9.8), fixed in firefox 144.0-1 (sid), 2025
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144. Scope: local. sid: resolved (fixed in 144.0-1)

CVE-2025-6427 (CRITICAL, CVSS 9.1), fixed in firefox 140.0-1 (sid), 2025
An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140. Scope: local. sid: resolved (fixed in 140.0-1)

CVE-2025-8038 (CRITICAL, CVSS 9.8), fixed in firefox 141.0-1 (sid), 2025
Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. Scope: local. sid: resolved (fixed in 141.0-1)

CVE-2025-13024 (CRITICAL, CVSS 9.8), fixed in firefox 145.0-1 (sid), 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145 and Thunderbird < 145. Scope: local. sid: resolved (fixed in 145.0-1)

CVE-2025-1020 (CRITICAL, CVSS 9.8), fixed in firefox 135.0-1 (sid), 2025
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135. Scope: local. sid: resolved (fixed in 135.0-1)

CVE-2025-8043 (CRITICAL, CVSS 9.8), fixed in firefox 141.0-1 (sid), 2025
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141. Scope: local. sid: resolved (fixed in 141.0-1)

CVE-2025-13026 (CRITICAL, CVSS 9.8), fixed in firefox 145.0-1 (sid), 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. Scope: local. sid: resolved (fixed in 145.0-1)

CVE-2025-49709 (CRITICAL, CVSS 9.8), fixed in firefox 139.0.4-1 (sid), 2025
Certain canvas operations could have led to memory corruption. This vulnerability affects Firefox < 139.0.4. Scope: local. sid: resolved (fixed in 139.0.4-1)

CVE-2025-14321 (CRITICAL, CVSS 9.8), fixed in firefox 146.0-1 (sid), 2025
Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Scope: local. sid: resolved (fixed in 146.0-1)

CVE-2025-9187 (CRITICAL, CVSS 9.8), fixed in firefox 142.0-1 (sid), 2025
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142. Scope: local. sid: resolved (fixed in 142.0-1)

CVE-2025-8037 (CRITICAL, CVSS 9.1), fixed in firefox 141.0-1 (sid), 2025
Setting a nameless cookie with an equals sign in the value shadowed other cookies, even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. Scope: local. sid: resolved (fixed in 141.0-1)

CVE-2025-11709 (CRITICAL, CVSS 9.8), fixed in firefox 144.0-1 (sid), 2025
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Scope: local. sid: resolved (fixed in 144.0-1)

CVE-2025-1017 (CRITICAL, CVSS 9.8), fixed in firefox 135.0-1 (sid), 2025
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

CVE-2025-12380 (CRITICAL, CVSS 9.8), fixed in firefox 144.0.2-1 (sid), 2025
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2. Scope: local. sid: resolved (fixed in 144.0.2-1)