Search for packages
| purl | pkg:deb/debian/firefox-esr@140.10.0esr-1 |
| Next non-vulnerable version | 140.10.1esr-1~deb12u1 |
| Latest non-vulnerable version | 140.10.1esr-1~deb12u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1y9d-wx59-fyh2
Aliases: CVE-2026-7323 |
Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Firefox ESR 140.10.1. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-9uk1-zvat-5qc9
Aliases: CVE-2026-7320 |
Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-f81v-9fv8-93cd
Aliases: CVE-2023-5217 GHSA-qqvq-6xgj-jw8g |
Out-of-bounds Write Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Affected by 1 other vulnerability. |
|
VCID-ndwm-svz7-5uen
Aliases: CVE-2026-7321 |
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-zkbj-717t-j3hw
Aliases: CVE-2026-7322 |
Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2fqb-r5zb-a7dp |
CVE-2026-6748
|
|
| VCID-3kv6-c148-nkhq |
CVE-2026-6765
|
|
| VCID-59d3-343b-e3aw |
CVE-2026-6770
|
|
| VCID-61r1-arbe-dke4 |
CVE-2026-6761
|
|
| VCID-7jt2-zr49-7ye5 |
CVE-2026-6766
|
|
| VCID-95et-ezmb-buau |
CVE-2026-6751
|
|
| VCID-9nbw-7c9e-13af |
CVE-2026-6763
|
|
| VCID-av7u-3g4m-mugm |
CVE-2026-6762
|
|
| VCID-bwth-uepr-z7a3 |
CVE-2026-6750
|
|
| VCID-cjsm-7gxr-8ygw |
CVE-2026-6746
|
|
| VCID-d16s-p141-qbft |
CVE-2026-6752
|
|
| VCID-f81v-9fv8-93cd | Out-of-bounds Write Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
CVE-2023-5217
GHSA-qqvq-6xgj-jw8g |
| VCID-fxjm-ywug-f3d5 |
CVE-2026-6767
|
|
| VCID-hk2m-rbdy-nqhc |
CVE-2026-6772
|
|
| VCID-ma29-qa7e-9qb4 |
CVE-2026-6764
|
|
| VCID-nge1-4cvg-zqb2 |
CVE-2026-6769
|
|
| VCID-nyum-jpbc-abew |
CVE-2026-6776
|
|
| VCID-p6yz-xs58-u3gm | Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-6786
|
| VCID-pfmd-zv8f-8bfc | Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-6785
|
| VCID-q689-wneh-hbdq |
CVE-2026-6757
|
|
| VCID-q8qp-5szp-mfe8 |
CVE-2026-6749
|
|
| VCID-ruqn-mk9t-57hb |
CVE-2026-6753
|
|
| VCID-tv7r-qf2c-dqbm |
CVE-2026-6771
|
|
| VCID-w98r-yagc-kkec |
CVE-2026-6754
|
|
| VCID-z6tm-b352-5uhk |
CVE-2026-6747
|