Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/firefox-esr@128.3.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@128.3.0esr-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-7wvh-upas-2bgh An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. CVE-2024-9394
VCID-ka9e-ps8e-ryc8 Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-9392
VCID-kx3j-abfc-qfh2 An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. CVE-2024-9393
VCID-z6yt-va55-s3ey Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-9401

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T10:56:00.064397+00:00 Debian Importer Fixing VCID-z6yt-va55-s3ey https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:45:54.206329+00:00 Debian Importer Fixing VCID-kx3j-abfc-qfh2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:45:30.944081+00:00 Debian Importer Fixing VCID-7wvh-upas-2bgh https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:36:18.328165+00:00 Debian Importer Fixing VCID-ka9e-ps8e-ryc8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T07:24:45.266298+00:00 Debian Importer Fixing VCID-z6yt-va55-s3ey https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:58:40.243175+00:00 Debian Importer Fixing VCID-kx3j-abfc-qfh2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:46:02.217842+00:00 Debian Importer Fixing VCID-7wvh-upas-2bgh https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:45:08.133608+00:00 Debian Importer Fixing VCID-ka9e-ps8e-ryc8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:23:43.049960+00:00 Debian Importer Fixing VCID-z6yt-va55-s3ey https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:23:42.991984+00:00 Debian Importer Fixing VCID-7wvh-upas-2bgh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:23:42.933652+00:00 Debian Importer Fixing VCID-kx3j-abfc-qfh2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:23:42.875622+00:00 Debian Importer Fixing VCID-ka9e-ps8e-ryc8 https://security-tracker.debian.org/tracker/data/json 38.1.0