VulnerableCode Package Details - pkg:deb/debian/firefox@135.0-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1xcg-n9k4-tqc4	A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution.	CVE-2025-1011
VCID-95g4-dcau-6bd1	The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack.	CVE-2025-1019
VCID-bzgb-mdsk-yua6	An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash.	CVE-2025-1009
VCID-cypj-1jsu-cbh5	Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2025-1016
VCID-f5w8-j656-akf4	Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2025-1017
VCID-m93r-91y4-xyaz	An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash.	CVE-2025-1010
VCID-ms9h-982a-pkdu	Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed.	CVE-2025-1014
VCID-n529-v6zj-n3gf	The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack.	CVE-2025-1018
VCID-pj4h-ff45-e3ez	A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak.	CVE-2025-1013
VCID-prve-an93-pkd8	Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2025-1020
VCID-ymu8-mjph-f7a4	A race during concurrent delazification could have led to a use-after-free.	CVE-2025-1012

Vulnerability

Summary

Aliases

VCID-1xcg-n9k4-tqc4

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution.

CVE-2025-1011

VCID-95g4-dcau-6bd1

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack.

CVE-2025-1019

VCID-bzgb-mdsk-yua6

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash.

CVE-2025-1009

VCID-cypj-1jsu-cbh5

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2025-1016

VCID-f5w8-j656-akf4

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2025-1017

VCID-m93r-91y4-xyaz

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash.

CVE-2025-1010

VCID-ms9h-982a-pkdu

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed.

CVE-2025-1014

VCID-n529-v6zj-n3gf

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack.

CVE-2025-1018

VCID-pj4h-ff45-e3ez

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak.

CVE-2025-1013

VCID-prve-an93-pkd8

Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2025-1020

VCID-ymu8-mjph-f7a4

A race during concurrent delazification could have led to a use-after-free.

CVE-2025-1012

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:56:43.146362+00:00	Debian Importer	Fixing	VCID-ms9h-982a-pkdu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:23:08.103589+00:00	Debian Importer	Fixing	VCID-1xcg-n9k4-tqc4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:14:26.653833+00:00	Debian Importer	Fixing	VCID-pj4h-ff45-e3ez	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:23:12.480472+00:00	Debian Importer	Fixing	VCID-ymu8-mjph-f7a4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:35:27.012035+00:00	Debian Importer	Fixing	VCID-bzgb-mdsk-yua6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:28:20.563706+00:00	Debian Importer	Fixing	VCID-95g4-dcau-6bd1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:21:19.030629+00:00	Debian Importer	Fixing	VCID-n529-v6zj-n3gf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:04:34.335498+00:00	Debian Importer	Fixing	VCID-cypj-1jsu-cbh5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:58:41.099832+00:00	Debian Importer	Fixing	VCID-prve-an93-pkd8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:55:16.004034+00:00	Debian Importer	Fixing	VCID-f5w8-j656-akf4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:47:21.413400+00:00	Debian Importer	Fixing	VCID-m93r-91y4-xyaz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:09:15.942296+00:00	Debian Importer	Fixing	VCID-pj4h-ff45-e3ez	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:09:14.420815+00:00	Debian Importer	Fixing	VCID-ms9h-982a-pkdu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:56:15.816158+00:00	Debian Importer	Fixing	VCID-f5w8-j656-akf4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:45:13.500988+00:00	Debian Importer	Fixing	VCID-1xcg-n9k4-tqc4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:31:48.004471+00:00	Debian Importer	Fixing	VCID-prve-an93-pkd8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:59:55.259809+00:00	Debian Importer	Fixing	VCID-ymu8-mjph-f7a4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:23:16.119831+00:00	Debian Importer	Fixing	VCID-bzgb-mdsk-yua6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:00.218185+00:00	Debian Importer	Fixing	VCID-95g4-dcau-6bd1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:14:57.001078+00:00	Debian Importer	Fixing	VCID-n529-v6zj-n3gf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:04:57.766488+00:00	Debian Importer	Fixing	VCID-cypj-1jsu-cbh5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:54:15.602863+00:00	Debian Importer	Fixing	VCID-m93r-91y4-xyaz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:17:22.292509+00:00	Debian Importer	Fixing	VCID-ms9h-982a-pkdu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:17:22.241295+00:00	Debian Importer	Fixing	VCID-cypj-1jsu-cbh5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:15:53.628987+00:00	Debian Importer	Fixing	VCID-prve-an93-pkd8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:14.100566+00:00	Debian Importer	Fixing	VCID-pj4h-ff45-e3ez	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:14.044187+00:00	Debian Importer	Fixing	VCID-f5w8-j656-akf4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:48.147716+00:00	Debian Importer	Fixing	VCID-m93r-91y4-xyaz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:11:26.510074+00:00	Debian Importer	Fixing	VCID-1xcg-n9k4-tqc4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:56.735384+00:00	Debian Importer	Fixing	VCID-ymu8-mjph-f7a4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:27.451829+00:00	Debian Importer	Fixing	VCID-95g4-dcau-6bd1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:18.795664+00:00	Debian Importer	Fixing	VCID-bzgb-mdsk-yua6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:39.547718+00:00	Debian Importer	Fixing	VCID-n529-v6zj-n3gf	https://security-tracker.debian.org/tracker/data/json	38.1.0