Search for packages
| purl | pkg:deb/debian/firefox-esr@128.8.0esr-1 |
| Tags | Ghost |
| Next non-vulnerable version | 128.11.0esr-1~deb12u1 |
| Latest non-vulnerable version | 128.11.0esr-1~deb12u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-24bf-85ye-dqhp
Aliases: CVE-2024-11704 |
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. |
Affected by 0 other vulnerabilities. |
|
VCID-8121-3cdm-ayc8
Aliases: CVE-2025-3030 |
firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-9ru8-kjym-aaae
Aliases: CVE-2023-5217 GHSA-qqvq-6xgj-jw8g |
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-04-07T04:16:23.426158+00:00 | Debian Importer | Affected by | VCID-8121-3cdm-ayc8 | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-06T07:56:16.178216+00:00 | Debian Importer | Affected by | VCID-24bf-85ye-dqhp | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-03T23:13:22.493819+00:00 | Debian Importer | Affected by | VCID-9ru8-kjym-aaae | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |