Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/firefox-esr@140.10.0esr-1
purl pkg:deb/debian/firefox-esr@140.10.0esr-1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-f81v-9fv8-93cd
Aliases:
CVE-2023-5217
GHSA-qqvq-6xgj-jw8g
Out-of-bounds Write Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) There are no reported fixed by versions.
Vulnerabilities fixed by this package (25)
Vulnerability Summary Aliases
VCID-2fqb-r5zb-a7dp CVE-2026-6748
VCID-3kv6-c148-nkhq CVE-2026-6765
VCID-59d3-343b-e3aw CVE-2026-6770
VCID-61r1-arbe-dke4 CVE-2026-6761
VCID-7jt2-zr49-7ye5 CVE-2026-6766
VCID-95et-ezmb-buau CVE-2026-6751
VCID-9nbw-7c9e-13af CVE-2026-6763
VCID-av7u-3g4m-mugm CVE-2026-6762
VCID-bwth-uepr-z7a3 CVE-2026-6750
VCID-cjsm-7gxr-8ygw CVE-2026-6746
VCID-d16s-p141-qbft CVE-2026-6752
VCID-f81v-9fv8-93cd Out-of-bounds Write Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-5217
GHSA-qqvq-6xgj-jw8g
VCID-fxjm-ywug-f3d5 CVE-2026-6767
VCID-hk2m-rbdy-nqhc CVE-2026-6772
VCID-ma29-qa7e-9qb4 CVE-2026-6764
VCID-nge1-4cvg-zqb2 CVE-2026-6769
VCID-nyum-jpbc-abew CVE-2026-6776
VCID-p6yz-xs58-u3gm Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2026-6786
VCID-pfmd-zv8f-8bfc Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2026-6785
VCID-q689-wneh-hbdq CVE-2026-6757
VCID-q8qp-5szp-mfe8 CVE-2026-6749
VCID-ruqn-mk9t-57hb CVE-2026-6753
VCID-tv7r-qf2c-dqbm CVE-2026-6771
VCID-w98r-yagc-kkec CVE-2026-6754
VCID-z6tm-b352-5uhk CVE-2026-6747

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-24T12:18:56.297559+00:00 Debian Importer Fixing VCID-av7u-3g4m-mugm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T12:00:32.011908+00:00 Debian Importer Fixing VCID-q689-wneh-hbdq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T11:58:33.057400+00:00 Debian Importer Fixing VCID-ma29-qa7e-9qb4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T10:47:29.549137+00:00 Debian Importer Fixing VCID-ruqn-mk9t-57hb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T10:28:55.086088+00:00 Debian Importer Fixing VCID-cjsm-7gxr-8ygw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T09:33:42.343167+00:00 Debian Importer Fixing VCID-d16s-p141-qbft https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T09:09:46.330585+00:00 Debian Importer Fixing VCID-nge1-4cvg-zqb2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T09:09:35.224178+00:00 Debian Importer Fixing VCID-7jt2-zr49-7ye5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T08:57:02.702517+00:00 Debian Importer Fixing VCID-z6tm-b352-5uhk https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T08:50:47.761124+00:00 Debian Importer Fixing VCID-w98r-yagc-kkec https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T08:45:24.607538+00:00 Debian Importer Fixing VCID-59d3-343b-e3aw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T08:36:50.336686+00:00 Debian Importer Fixing VCID-pfmd-zv8f-8bfc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T08:29:10.194714+00:00 Debian Importer Fixing VCID-tv7r-qf2c-dqbm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T08:22:23.267136+00:00 Debian Importer Fixing VCID-f81v-9fv8-93cd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T08:15:43.343076+00:00 Debian Importer Fixing VCID-bwth-uepr-z7a3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T08:14:27.447064+00:00 Debian Importer Fixing VCID-95et-ezmb-buau https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T07:08:41.075975+00:00 Debian Importer Fixing VCID-nyum-jpbc-abew https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T06:56:07.230626+00:00 Debian Importer Fixing VCID-61r1-arbe-dke4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T06:52:34.498821+00:00 Debian Importer Fixing VCID-q8qp-5szp-mfe8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T06:52:05.449063+00:00 Debian Importer Fixing VCID-fxjm-ywug-f3d5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T06:39:35.884654+00:00 Debian Importer Fixing VCID-hk2m-rbdy-nqhc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T06:39:15.677370+00:00 Debian Importer Fixing VCID-3kv6-c148-nkhq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T06:29:39.259347+00:00 Debian Importer Fixing VCID-2fqb-r5zb-a7dp https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T06:26:45.315934+00:00 Debian Importer Fixing VCID-9nbw-7c9e-13af https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T06:07:00.015047+00:00 Debian Importer Affected by VCID-f81v-9fv8-93cd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-24T05:49:27.966832+00:00 Debian Importer Fixing VCID-p6yz-xs58-u3gm https://security-tracker.debian.org/tracker/data/json 38.4.0