Search for packages
| purl | pkg:deb/debian/firefox-esr@128.10.0esr-1~deb12u1 |
| Next non-vulnerable version | 128.11.0esr-1~deb12u1 |
| Latest non-vulnerable version | 128.11.0esr-1~deb12u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9ru8-kjym-aaae
Aliases: CVE-2023-5217 GHSA-qqvq-6xgj-jw8g |
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-wf3e-41zq-a3h1
Aliases: CVE-2025-5283 |
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8h5s-cdt9-guh9 | Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10. |
CVE-2025-4091
|
| VCID-92ju-8t11-sqf7 | A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10. |
CVE-2025-4087
|
| VCID-9ru8-kjym-aaae | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
CVE-2023-5217
GHSA-qqvq-6xgj-jw8g |
| VCID-qdcz-15x5-6qfp | A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. |
CVE-2025-4083
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T19:39:34.851230+00:00 | Debian Importer | Affected by | VCID-9ru8-kjym-aaae | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T03:53:45.656073+00:00 | Debian Importer | Affected by | VCID-wf3e-41zq-a3h1 | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-01T07:25:53.075738+00:00 | Debian Importer | Affected by | VCID-9ru8-kjym-aaae | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-05-31T18:28:22.029253+00:00 | Debian Importer | Affected by | VCID-wf3e-41zq-a3h1 | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-05-15T19:56:33.266587+00:00 | Debian Importer | Fixing | VCID-8h5s-cdt9-guh9 | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-05-15T01:56:27.931285+00:00 | Debian Importer | Fixing | VCID-9ru8-kjym-aaae | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-05-04T06:36:54.001138+00:00 | Debian Importer | Fixing | VCID-qdcz-15x5-6qfp | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-05-04T05:58:57.585097+00:00 | Debian Importer | Fixing | VCID-92ju-8t11-sqf7 | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |