VulnerableCode Package Details - pkg:deb/debian/firefox@124.0-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2tts-gwgd-zqcz	A vulnerability has been discovered in NSS, which can lead to the recovery of private data.	CVE-2023-5388
VCID-2zdh-azdw-tuav	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-2609
VCID-3vbp-2h4f-7bav	A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions.	CVE-2024-2611
VCID-41g2-dvb2-yqhg	Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2024-2614
VCID-4bfx-2qxt-jfha	Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2024-2615
VCID-b5y9-qmw5-nkbv	If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution.	CVE-2024-2612
VCID-fg7v-fypu-k3h4	Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values.	CVE-2024-2606
VCID-g24d-23zk-6fgn	AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write.	CVE-2024-2608
VCID-n8gb-hpjb-v7a5	Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Note: This issue only affected Armv7-A systems. Other operating systems are unaffected.	CVE-2024-2607
VCID-pse8-xnc7-gkbv	Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies.	CVE-2024-2610
VCID-v5gq-2gv5-gycv	Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash.	CVE-2024-2613

Vulnerability

Summary

Aliases

VCID-2tts-gwgd-zqcz

A vulnerability has been discovered in NSS, which can lead to the recovery of private data.

CVE-2023-5388

VCID-2zdh-azdw-tuav

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-2609

VCID-3vbp-2h4f-7bav

A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions.

CVE-2024-2611

VCID-41g2-dvb2-yqhg

Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2024-2614

VCID-4bfx-2qxt-jfha

Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2024-2615

VCID-b5y9-qmw5-nkbv

If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution.

CVE-2024-2612

VCID-fg7v-fypu-k3h4

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values.

CVE-2024-2606

VCID-g24d-23zk-6fgn

AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write.

CVE-2024-2608

VCID-n8gb-hpjb-v7a5

Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected.

CVE-2024-2607

VCID-pse8-xnc7-gkbv

Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies.

CVE-2024-2610

VCID-v5gq-2gv5-gycv

Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash.

CVE-2024-2613

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:38:34.481219+00:00	Debian Importer	Fixing	VCID-n8gb-hpjb-v7a5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:49:08.954203+00:00	Debian Importer	Fixing	VCID-4bfx-2qxt-jfha	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:17:09.181974+00:00	Debian Importer	Fixing	VCID-2tts-gwgd-zqcz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:10:57.323021+00:00	Debian Importer	Fixing	VCID-41g2-dvb2-yqhg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:09:18.907503+00:00	Debian Importer	Fixing	VCID-2zdh-azdw-tuav	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:07:11.933780+00:00	Debian Importer	Fixing	VCID-b5y9-qmw5-nkbv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:02:34.865590+00:00	Debian Importer	Fixing	VCID-3vbp-2h4f-7bav	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:48:30.312684+00:00	Debian Importer	Fixing	VCID-v5gq-2gv5-gycv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:56:10.411038+00:00	Debian Importer	Fixing	VCID-fg7v-fypu-k3h4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:42:57.773533+00:00	Debian Importer	Fixing	VCID-pse8-xnc7-gkbv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:42:42.693883+00:00	Debian Importer	Fixing	VCID-g24d-23zk-6fgn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:39:47.979006+00:00	Debian Importer	Fixing	VCID-n8gb-hpjb-v7a5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:03:51.570887+00:00	Debian Importer	Fixing	VCID-4bfx-2qxt-jfha	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:40:38.571141+00:00	Debian Importer	Fixing	VCID-2tts-gwgd-zqcz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:36:05.515400+00:00	Debian Importer	Fixing	VCID-41g2-dvb2-yqhg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:34:48.485453+00:00	Debian Importer	Fixing	VCID-2zdh-azdw-tuav	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:33:15.418953+00:00	Debian Importer	Fixing	VCID-b5y9-qmw5-nkbv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:29:49.952651+00:00	Debian Importer	Fixing	VCID-3vbp-2h4f-7bav	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:18:54.647722+00:00	Debian Importer	Fixing	VCID-v5gq-2gv5-gycv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:39:08.208538+00:00	Debian Importer	Fixing	VCID-fg7v-fypu-k3h4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:00.002894+00:00	Debian Importer	Fixing	VCID-pse8-xnc7-gkbv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:27:26.401299+00:00	Debian Importer	Fixing	VCID-g24d-23zk-6fgn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:18:07.723211+00:00	Debian Importer	Fixing	VCID-n8gb-hpjb-v7a5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:17:41.490608+00:00	Debian Importer	Fixing	VCID-41g2-dvb2-yqhg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:15:13.795911+00:00	Debian Importer	Fixing	VCID-3vbp-2h4f-7bav	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:14:29.133929+00:00	Debian Importer	Fixing	VCID-2tts-gwgd-zqcz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:48.240414+00:00	Debian Importer	Fixing	VCID-4bfx-2qxt-jfha	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:34.102992+00:00	Debian Importer	Fixing	VCID-2zdh-azdw-tuav	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:27.847399+00:00	Debian Importer	Fixing	VCID-b5y9-qmw5-nkbv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:31.833811+00:00	Debian Importer	Fixing	VCID-v5gq-2gv5-gycv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:06:20.557679+00:00	Debian Importer	Fixing	VCID-fg7v-fypu-k3h4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:39.822607+00:00	Debian Importer	Fixing	VCID-pse8-xnc7-gkbv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:38.825051+00:00	Debian Importer	Fixing	VCID-g24d-23zk-6fgn	https://security-tracker.debian.org/tracker/data/json	38.1.0