cvebase

Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 9 of 78
CVE-2026-0891 | P3 | HIGH | CVSS 8.1 | fixed in firefox 147.0-1 (sid) | 2026
CVE-2026-0891 [HIGH] firefox - Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
debian
CVE-2025-9184 | P3 | HIGH | CVSS 8.1 | fixed in firefox 142.0-1 (sid) | 2025
CVE-2025-9184 [HIGH] firefox - Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
debian
CVE-2018-12387 | P3 | CRITICAL | CVSS 9.1 | fixed in firefox 62.0.3-1 (sid) | 2018
CVE-2018-12387 [CRITICAL] firefox - A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox
debian
CVE-2025-1016 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 135.0-1 (sid) | 2025
CVE-2025-1016 [CRITICAL] firefox - Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Fi
debian
CVE-2026-2762 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
CVE-2026-2762 [CRITICAL] firefox - Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local; sid: resolved (fixed in 148.0-1)
debian
CVE-2026-2774 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
CVE-2026-2774 [CRITICAL] firefox - Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local; sid: resolved (fixed in 148.0-1)
debian
CVE-2025-8028 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 141.0-1 (sid) | 2025
CVE-2025-8028 [CRITICAL] firefox - On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. Scop
debian
CVE-2025-9187 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 142.0-1 (sid) | 2025
CVE-2025-9187 [CRITICAL] firefox - Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142. Scope: local; sid: resolved (fixed in 142.0-1)
debian
CVE-2025-14326 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 146.0-1 (sid) | 2025
CVE-2025-14326 [CRITICAL] firefox - Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox < 146 and Thunderbird < 146. Scope: local; sid: resolved (fixed in 146.0-1)
debian
CVE-2020-6463 | P3 | HIGH | CVSS 8.8 | fixed in chromium 83.0.4103.83-1 (bookworm) | 2020
CVE-2020-6463 [HIGH] chromium - Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 83.0.4103.83-1); bullseye: resolved (fixed in 83.0.4103.83-1); forky: resolved (fixed in 83.0.4103.83-1); sid: resolved (fixed in 83.0.4103.83-1); trixie: resolved (fixed in 83.
debian
CVE-2025-11709 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 144.0-1 (sid) | 2025
CVE-2025-11709 [CRITICAL] firefox - A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Scope: local; sid: resolved (fixed in 144.0-1)
debian
CVE-2026-2781 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
CVE-2026-2781 [CRITICAL] firefox - Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local; sid: resolved (fixed in 148.0-1)
debian
CVE-2025-13022 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 145.0-1 (sid) | 2025
CVE-2025-13022 [CRITICAL] firefox - Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. Scope: local; sid: resolved (fixed in 145.0-1)
debian
CVE-2025-13021 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 145.0-1 (sid) | 2025
CVE-2025-13021 [CRITICAL] firefox - Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. Scope: local; sid: resolved (fixed in 145.0-1)
debian
CVE-2025-13024 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 145.0-1 (sid) | 2025
CVE-2025-13024 [CRITICAL] firefox - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145 and Thunderbird < 145. Scope: local; sid: resolved (fixed in 145.0-1)
debian
CVE-2026-2797 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
CVE-2026-2797 [CRITICAL] firefox - Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. Scope: local; sid: resolved (fixed in 148.0-1)
debian
CVE-2025-12380 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 144.0.2-1 (sid) | 2025
CVE-2025-12380 [CRITICAL] firefox - Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2. Scope: local; sid: resolved (fixed in 144.0.2-1)
debian
CVE-2026-2795 | P3 | CRITICAL | CVSS 9.8 | fixed in firefox 148.0-1 (sid) | 2026
CVE-2026-2795 [CRITICAL] firefox - Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. Scope: local; sid: resolved (fixed in 148.0-1)
debian
CVE-2005-4134 | P4 | LOW | CVSS 5.0 | PoC | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2005
CVE-2005-4134 [MEDIUM] firefox - Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this is
debian
CVE-2020-15969 | P3 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
CVE-2020-15969 [HIGH] chromium - Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 87.0.4280.88-0.1); bullseye: resolved (fixed in 87.0.4280.88-0.1); forky: resolved (fixed in 87.0.4280.88-0.1); sid: resolved (fixed in 87.0.4280.88-0.1); trixie: resolved (fi
debian