VulnerableCode Package Details - pkg:deb/debian/firefox-esr@115.13.0esr-1~deb11u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-fgat-rwky-9kfd	A mismatch between allocator and deallocator could have led to memory corruption.	CVE-2024-6602
VCID-j7j6-rqdk-b3d8	An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash.	CVE-2024-7652
VCID-juqm-gbn3-ebc8	A race condition could lead to a cross-origin container obtaining permissions of the top-level origin.	CVE-2024-6601
VCID-mhp5-4zaq-5qf7	In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption.	CVE-2024-6603
VCID-w2d9-ecpu-1ucf	Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2024-6604

Vulnerability

Summary

Aliases

VCID-fgat-rwky-9kfd

A mismatch between allocator and deallocator could have led to memory corruption.

CVE-2024-6602

VCID-j7j6-rqdk-b3d8

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash.

CVE-2024-7652

VCID-juqm-gbn3-ebc8

A race condition could lead to a cross-origin container obtaining permissions of the top-level origin.

CVE-2024-6601

VCID-mhp5-4zaq-5qf7

In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption.

CVE-2024-6603

VCID-w2d9-ecpu-1ucf

Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2024-6604

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-29T16:53:49.989240+00:00	Debian Importer	Fixing	VCID-j7j6-rqdk-b3d8	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:53:49.730193+00:00	Debian Importer	Fixing	VCID-w2d9-ecpu-1ucf	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:53:49.705887+00:00	Debian Importer	Fixing	VCID-mhp5-4zaq-5qf7	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:53:49.679934+00:00	Debian Importer	Fixing	VCID-fgat-rwky-9kfd	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:53:49.655095+00:00	Debian Importer	Fixing	VCID-juqm-gbn3-ebc8	https://security-tracker.debian.org/tracker/data/json	38.6.0