Search for packages
| purl | pkg:deb/debian/firefox@141.0-1?distro=sid |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3kgq-ew8p-ubg5 | Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. |
CVE-2025-8036
|
| VCID-43nm-4qjy-vfgj | On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. |
CVE-2025-8028
|
| VCID-4byg-5gy3-kkff | The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. |
CVE-2025-8031
|
| VCID-a4cx-2k56-23db | Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-8040
|
| VCID-ec2q-au5k-vucq | Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-8044
|
| VCID-ffd7-y29n-6fan | XSLT document loading did not correctly propagate the source document which bypassed its CSP. |
CVE-2025-8032
|
| VCID-jm7w-hqzq-tqde | Thunderbird executed javascript: URLs when used in object and embed tags. |
CVE-2025-8029
|
| VCID-psc3-4ssv-wyb5 | On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. |
CVE-2025-8027
|
| VCID-q9f4-zumy-wbfy | Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-8034
|
| VCID-qz95-5z9e-7qb7 | The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. |
CVE-2025-8033
|
| VCID-s66q-8p3g-ckg2 | Focus incorrectly truncated URLs towards the beginning instead of around the origin. |
CVE-2025-8043
|
| VCID-tvqs-zrjz-4bhj | Firefox ignored paths when checking the validity of navigations in a frame. |
CVE-2025-8038
|
| VCID-vcnn-u8k9-8ubs | Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-8035
|
| VCID-w9ts-2s35-5qb8 | Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. |
CVE-2025-8037
|
| VCID-xr9m-xumu-xben | In some cases search terms persisted in the URL bar even after navigating away from the search page. |
CVE-2025-8039
|
| VCID-yfwd-x224-3qe6 | Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. |
CVE-2025-8030
|