VulnerableCode Package Details - pkg:deb/debian/firefox@144.0-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4gsx-puz4-a3f1	Use-after-free in MediaTrackGraphImpl::GetInstance()	CVE-2025-11708
VCID-59wd-mtjt-4ban	Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2025-11714
VCID-6jw1-pere-ruee	Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2025-11715
VCID-ey7f-q2ks-g3fr	Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.	CVE-2025-11721
VCID-kkgh-a9hg-fud8	A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process.	CVE-2025-11710
VCID-pzsj-b4vv-63g2	When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event	CVE-2025-11718
VCID-qeh2-jn2v-9ug7	A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures.	CVE-2025-11709
VCID-t9cw-yjar-ckfd	A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.	CVE-2025-11712
VCID-tgsj-hp8b-27f9	There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable.	CVE-2025-11711

Vulnerability

Summary

Aliases

VCID-4gsx-puz4-a3f1

Use-after-free in MediaTrackGraphImpl::GetInstance()

CVE-2025-11708

VCID-59wd-mtjt-4ban

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2025-11714

VCID-6jw1-pere-ruee

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2025-11715

VCID-ey7f-q2ks-g3fr

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.

CVE-2025-11721

VCID-kkgh-a9hg-fud8

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process.

CVE-2025-11710

VCID-pzsj-b4vv-63g2

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event

CVE-2025-11718

VCID-qeh2-jn2v-9ug7

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures.

CVE-2025-11709

VCID-t9cw-yjar-ckfd

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.

CVE-2025-11712

VCID-tgsj-hp8b-27f9

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable.

CVE-2025-11711

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:52:22.584808+00:00	Debian Importer	Fixing	VCID-tgsj-hp8b-27f9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:39:33.795328+00:00	Debian Importer	Fixing	VCID-t9cw-yjar-ckfd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:35:38.500940+00:00	Debian Importer	Fixing	VCID-59wd-mtjt-4ban	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:11:38.358116+00:00	Debian Importer	Fixing	VCID-kkgh-a9hg-fud8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:00:39.723985+00:00	Debian Importer	Fixing	VCID-ey7f-q2ks-g3fr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:32:45.355293+00:00	Debian Importer	Fixing	VCID-pzsj-b4vv-63g2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:29:16.829614+00:00	Debian Importer	Fixing	VCID-6jw1-pere-ruee	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:26:13.387260+00:00	Debian Importer	Fixing	VCID-qeh2-jn2v-9ug7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:41:14.186647+00:00	Debian Importer	Fixing	VCID-4gsx-puz4-a3f1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:28:17.879733+00:00	Debian Importer	Fixing	VCID-tgsj-hp8b-27f9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:12:29.839062+00:00	Debian Importer	Fixing	VCID-t9cw-yjar-ckfd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:09:29.448392+00:00	Debian Importer	Fixing	VCID-59wd-mtjt-4ban	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:51:03.011933+00:00	Debian Importer	Fixing	VCID-kkgh-a9hg-fud8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:42:41.916908+00:00	Debian Importer	Fixing	VCID-ey7f-q2ks-g3fr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:21:50.004180+00:00	Debian Importer	Fixing	VCID-pzsj-b4vv-63g2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:38.283793+00:00	Debian Importer	Fixing	VCID-6jw1-pere-ruee	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:17:50.698489+00:00	Debian Importer	Fixing	VCID-qeh2-jn2v-9ug7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:50:20.017281+00:00	Debian Importer	Fixing	VCID-4gsx-puz4-a3f1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:18:31.347017+00:00	Debian Importer	Fixing	VCID-tgsj-hp8b-27f9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:18:15.907124+00:00	Debian Importer	Fixing	VCID-59wd-mtjt-4ban	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:14:06.373597+00:00	Debian Importer	Fixing	VCID-ey7f-q2ks-g3fr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:17.078589+00:00	Debian Importer	Fixing	VCID-t9cw-yjar-ckfd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:21.614093+00:00	Debian Importer	Fixing	VCID-qeh2-jn2v-9ug7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:15.616070+00:00	Debian Importer	Fixing	VCID-kkgh-a9hg-fud8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:15.087254+00:00	Debian Importer	Fixing	VCID-6jw1-pere-ruee	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:11.344531+00:00	Debian Importer	Fixing	VCID-pzsj-b4vv-63g2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:02:20.788819+00:00	Debian Importer	Fixing	VCID-4gsx-puz4-a3f1	https://security-tracker.debian.org/tracker/data/json	38.1.0