Search for packages
| purl | pkg:deb/debian/firefox-esr@140.10.1esr-1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-f81v-9fv8-93cd
Aliases: CVE-2023-5217 GHSA-qqvq-6xgj-jw8g |
Out-of-bounds Write Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1y9d-wx59-fyh2 | Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Firefox ESR 140.10.1. |
CVE-2026-7323
|
| VCID-9uk1-zvat-5qc9 | Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. |
CVE-2026-7320
|
| VCID-f81v-9fv8-93cd | Out-of-bounds Write Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
CVE-2023-5217
GHSA-qqvq-6xgj-jw8g |
| VCID-ndwm-svz7-5uen | Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. |
CVE-2026-7321
|
| VCID-zkbj-717t-j3hw | Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. |
CVE-2026-7322
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-02T05:03:37.365442+00:00 | Debian Importer | Fixing | VCID-9uk1-zvat-5qc9 | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-02T04:05:15.324708+00:00 | Debian Importer | Fixing | VCID-ndwm-svz7-5uen | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-02T00:44:40.024042+00:00 | Debian Importer | Fixing | VCID-zkbj-717t-j3hw | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-02T00:05:57.194699+00:00 | Debian Importer | Affected by | VCID-f81v-9fv8-93cd | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-01T22:41:47.021085+00:00 | Debian Importer | Fixing | VCID-1y9d-wx59-fyh2 | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-01T22:11:50.675240+00:00 | Debian Importer | Fixing | VCID-f81v-9fv8-93cd | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |