VulnerableCode Package Details - pkg:deb/debian/firefox@143.0-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3qfb-sxha-v3cw	Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.	CVE-2025-10529
VCID-66z1-8zeg-9qh1	Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.	CVE-2025-10528
VCID-93au-w2zh-3yhg	Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.	CVE-2025-10533
VCID-akrk-hjgk-5kbz	Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143.	CVE-2025-10534
VCID-c576-h945-7kby	Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox < 143 and Thunderbird < 143.	CVE-2025-10531
VCID-c6rx-p235-9bdz	Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2025-10537
VCID-ddwf-z514-hbbj	Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.	CVE-2025-10536
VCID-rg63-avu7-2bdc	Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.	CVE-2025-10527
VCID-ruc1-kmaz-fkbb	Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.	CVE-2025-10532

Vulnerability

Summary

Aliases

VCID-3qfb-sxha-v3cw

Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

CVE-2025-10529

VCID-66z1-8zeg-9qh1

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

CVE-2025-10528

VCID-93au-w2zh-3yhg

Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

CVE-2025-10533

VCID-akrk-hjgk-5kbz

Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143.

CVE-2025-10534

VCID-c576-h945-7kby

Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox < 143 and Thunderbird < 143.

CVE-2025-10531

VCID-c6rx-p235-9bdz

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2025-10537

VCID-ddwf-z514-hbbj

Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

CVE-2025-10536

VCID-rg63-avu7-2bdc

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

CVE-2025-10527

VCID-ruc1-kmaz-fkbb

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

CVE-2025-10532

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:59:12.855760+00:00	Debian Importer	Fixing	VCID-c6rx-p235-9bdz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:30:32.819645+00:00	Debian Importer	Fixing	VCID-3qfb-sxha-v3cw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:44:35.046410+00:00	Debian Importer	Fixing	VCID-66z1-8zeg-9qh1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:30:00.288382+00:00	Debian Importer	Fixing	VCID-ruc1-kmaz-fkbb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:16:53.816294+00:00	Debian Importer	Fixing	VCID-akrk-hjgk-5kbz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:05:44.709110+00:00	Debian Importer	Fixing	VCID-93au-w2zh-3yhg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:03:57.524828+00:00	Debian Importer	Fixing	VCID-rg63-avu7-2bdc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:00:37.006650+00:00	Debian Importer	Fixing	VCID-c576-h945-7kby	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:39:41.607046+00:00	Debian Importer	Fixing	VCID-ddwf-z514-hbbj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:27:16.028503+00:00	Debian Importer	Fixing	VCID-c6rx-p235-9bdz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:09:10.800429+00:00	Debian Importer	Fixing	VCID-ddwf-z514-hbbj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:06:27.165012+00:00	Debian Importer	Fixing	VCID-66z1-8zeg-9qh1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:05:38.606175+00:00	Debian Importer	Fixing	VCID-3qfb-sxha-v3cw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:38:57.633857+00:00	Debian Importer	Fixing	VCID-akrk-hjgk-5kbz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:20:08.407933+00:00	Debian Importer	Fixing	VCID-ruc1-kmaz-fkbb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:05:38.756211+00:00	Debian Importer	Fixing	VCID-93au-w2zh-3yhg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:04:35.246263+00:00	Debian Importer	Fixing	VCID-rg63-avu7-2bdc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:02:27.510822+00:00	Debian Importer	Fixing	VCID-c576-h945-7kby	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:16:06.641899+00:00	Debian Importer	Fixing	VCID-ddwf-z514-hbbj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:46.868209+00:00	Debian Importer	Fixing	VCID-66z1-8zeg-9qh1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:36.041199+00:00	Debian Importer	Fixing	VCID-93au-w2zh-3yhg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:35.934146+00:00	Debian Importer	Fixing	VCID-3qfb-sxha-v3cw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:25.307268+00:00	Debian Importer	Fixing	VCID-akrk-hjgk-5kbz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:04.079016+00:00	Debian Importer	Fixing	VCID-c576-h945-7kby	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:03.926098+00:00	Debian Importer	Fixing	VCID-c6rx-p235-9bdz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:03.716625+00:00	Debian Importer	Fixing	VCID-ruc1-kmaz-fkbb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:03:40.819469+00:00	Debian Importer	Fixing	VCID-rg63-avu7-2bdc	https://security-tracker.debian.org/tracker/data/json	38.1.0