VulnerableCode Package Details - pkg:alpm/archlinux/firefox@72.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-zbpq-qcww-6yg1 Aliases: CVE-2019-17026	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.	72.0.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-zbpq-qcww-6yg1
Aliases:
CVE-2019-17026

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

72.0.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6fvj-phnx-kfgs	After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.	CVE-2019-17023
VCID-7hkk-2k6p-vyc7	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.	CVE-2019-17024
VCID-9v4g-hwwe-3ybg	Mozilla developers Karl Tomlinson, Jason Kratzer, Tyson Smith, Jon Coppeard, and Christian Holler reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2019-17025
VCID-ap8s-63rs-jyff	If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.	CVE-2019-17020
VCID-c4qs-a9kw-p3hc	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.	CVE-2019-17017
VCID-javq-3r82-73fq	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.	CVE-2019-17022
VCID-x12h-hqf2-37cc	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.	CVE-2019-17016

Vulnerability

Summary

Aliases

VCID-6fvj-phnx-kfgs

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.

CVE-2019-17023

VCID-7hkk-2k6p-vyc7

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

CVE-2019-17024

VCID-9v4g-hwwe-3ybg

Mozilla developers Karl Tomlinson, Jason Kratzer, Tyson Smith, Jon Coppeard, and Christian Holler reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2019-17025

VCID-ap8s-63rs-jyff

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.

CVE-2019-17020

VCID-c4qs-a9kw-p3hc

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

CVE-2019-17017

VCID-javq-3r82-73fq

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

CVE-2019-17022

VCID-x12h-hqf2-37cc

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

CVE-2019-17016

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-07T13:59:07.545230+00:00	Arch Linux Importer	Fixing	VCID-x12h-hqf2-37cc	https://security.archlinux.org/AVG-1084	38.1.0
2026-04-07T13:59:07.533612+00:00	Arch Linux Importer	Fixing	VCID-c4qs-a9kw-p3hc	https://security.archlinux.org/AVG-1084	38.1.0
2026-04-07T13:59:07.523346+00:00	Arch Linux Importer	Fixing	VCID-ap8s-63rs-jyff	https://security.archlinux.org/AVG-1084	38.1.0
2026-04-07T13:59:07.501388+00:00	Arch Linux Importer	Fixing	VCID-javq-3r82-73fq	https://security.archlinux.org/AVG-1084	38.1.0
2026-04-07T13:59:07.487861+00:00	Arch Linux Importer	Fixing	VCID-6fvj-phnx-kfgs	https://security.archlinux.org/AVG-1084	38.1.0
2026-04-07T13:59:07.474893+00:00	Arch Linux Importer	Fixing	VCID-7hkk-2k6p-vyc7	https://security.archlinux.org/AVG-1084	38.1.0
2026-04-07T13:59:07.457747+00:00	Arch Linux Importer	Fixing	VCID-9v4g-hwwe-3ybg	https://security.archlinux.org/AVG-1084	38.1.0
2026-04-07T13:59:07.444684+00:00	Arch Linux Importer	Affected by	VCID-zbpq-qcww-6yg1	https://security.archlinux.org/AVG-1085	38.1.0
2026-04-01T18:24:25.294429+00:00	Arch Linux Importer	Fixing	VCID-x12h-hqf2-37cc	https://security.archlinux.org/AVG-1084	38.0.0
2026-04-01T18:24:25.269748+00:00	Arch Linux Importer	Fixing	VCID-c4qs-a9kw-p3hc	https://security.archlinux.org/AVG-1084	38.0.0
2026-04-01T18:24:25.246692+00:00	Arch Linux Importer	Fixing	VCID-ap8s-63rs-jyff	https://security.archlinux.org/AVG-1084	38.0.0
2026-04-01T18:24:25.223343+00:00	Arch Linux Importer	Fixing	VCID-javq-3r82-73fq	https://security.archlinux.org/AVG-1084	38.0.0
2026-04-01T18:24:25.199094+00:00	Arch Linux Importer	Fixing	VCID-6fvj-phnx-kfgs	https://security.archlinux.org/AVG-1084	38.0.0
2026-04-01T18:24:25.175673+00:00	Arch Linux Importer	Fixing	VCID-7hkk-2k6p-vyc7	https://security.archlinux.org/AVG-1084	38.0.0
2026-04-01T18:24:25.153189+00:00	Arch Linux Importer	Fixing	VCID-9v4g-hwwe-3ybg	https://security.archlinux.org/AVG-1084	38.0.0
2026-04-01T18:24:25.121614+00:00	Arch Linux Importer	Affected by	VCID-zbpq-qcww-6yg1	https://security.archlinux.org/AVG-1085	38.0.0