Debian firefox Vulnerabilities
CVE security advisories and vulnerability history for firefox by Debian.
Last updated
Overview
Debian firefox has 1,942 published CVE records since 2005, of which 11 are in CISA's Known Exploited Vulnerabilities catalog and 144 have a known public exploit. The average CVSS base score across scored CVEs is 7.5.
This page aggregates every publicly disclosed vulnerability (CVE) affecting Debian firefox, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of Debian firefox's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
In CISA’s Known Exploited Vulnerabilities catalog
11
11 of Debian firefox's CVEs are confirmed exploited in the wild.
Public exploits
144
144 of Debian firefox's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every Debian firefox version named in a CVE, then pick one to see only the CVEs that affect it.
Version ranges
- < 45.0-155 CVEs
- < 148.0-149 CVEs
- < 149.0-144 CVEs
- < 150.0-140 CVEs
- < 152.0-139 CVEs
- < 52.0.1-137 CVEs
- < 58.0-130 CVEs
- < 151.0-127 CVEs
- < 52.0-125 CVEs
- < 55.0-125 CVEs
- < 60.0-125 CVEs
- < 68.0-122 CVEs
- < 48.0-121 CVEs
- < 51.0-121 CVEs
- < 50.0-120 CVEs
- < 54.0-120 CVEs
- < 107.0-119 CVEs
- < 49.0-118 CVEs
- < 102.0-117 CVEs
- < 59.0-117 CVEs
- < 61.0-117 CVEs
- < 66.0-117 CVEs
- < 67.0-217 CVEs
- < 69.0-117 CVEs
- < 112.0-116 CVEs
- < 121.0-116 CVEs
- < 141.0-116 CVEs
- < 145.0-116 CVEs
- < 147.0-116 CVEs
- < 56.0-116 CVEs
- < 110.0-115 CVEs
- < 126.0-115 CVEs
- < 128.0-115 CVEs
- < 57.0-115 CVEs
- < 70.0-115 CVEs
- < 83.0-115 CVEs
- < 122.0-114 CVEs
- < 125.0.1-114 CVEs
- < 129.0-114 CVEs
- < 134.0-114 CVEs
- < 1.5.dfsg+1.5.0.2-213 CVEs
- < 1.5.dfsg+1.5.0.4-113 CVEs
- < 1.5.dfsg+1.5.0.5-113 CVEs
- < 115.0-113 CVEs
- < 127.0-113 CVEs
- < 146.0-113 CVEs
- < 50.1.0-113 CVEs
- < 96.0-113 CVEs
- < 99.0-113 CVEs
- < 101.0-112 CVEs
- < 116.0-112 CVEs
- < 123.0-112 CVEs
- < 47.0-112 CVEs
- < 63.0-112 CVEs
- < 74.0-112 CVEs
- < 88.0-112 CVEs
- < 1.5.dfsg+1.5.0.2-111 CVEs
- < 113.0-111 CVEs
- < 117.0-111 CVEs
- < 124.0-111 CVEs
- < 131.0-111 CVEs
- < 132.0-111 CVEs
- < 135.0-111 CVEs
- < 64.0-111 CVEs
- < 78.0-111 CVEs
- < 84.0-111 CVEs
- < 85.0-111 CVEs
- < 94.0-111 CVEs
- < 95.0-111 CVEs
- < 120.0-110 CVEs
- < 136.0-110 CVEs
- < 140.0-110 CVEs
- < 46.0-110 CVEs
- < 86.0-110 CVEs
- < 91.0-110 CVEs
- < 1.5.dfsg+1.5.0.7-19 CVEs
- < 106.0-19 CVEs
- < 111.0-19 CVEs
- < 119.0-19 CVEs
- < 139.0-19 CVEs
- < 143.0-19 CVEs
- < 144.0-19 CVEs
- < 79.0-19 CVEs
- < 80.0-19 CVEs
- < 87.0-19 CVEs
- < 97.0-19 CVEs
- < 1.5.dfsg+1.5.0.1-18 CVEs
- < 100.0-18 CVEs
- < 105.0-18 CVEs
- < 109.0-18 CVEs
- < 130.0-18 CVEs
- < 133.0-18 CVEs
- < 142.0-18 CVEs
- < 62.0-18 CVEs
- < 71.0-18 CVEs
- < 76.0-18 CVEs
- < 77.0-18 CVEs
- < 93.0-18 CVEs
- < 108.0-17 CVEs
- < 118.0-17 CVEs
- < 137.0-17 CVEs
- < 138.0-17 CVEs
- < 65.0-17 CVEs
- < 72.0-17 CVEs
- < 82.0-17 CVEs
- < 90.0-17 CVEs
- < 98.0-17 CVEs
- < 103.0-16 CVEs
- < 75.0-16 CVEs
- < 81.0-16 CVEs
- < 104.0-15 CVEs
- < 149.0.2-15 CVEs
- < 150.0.3-15 CVEs
- < 89.0-15 CVEs
- < 114.0-14 CVEs
- < 150.0.1-14 CVEs
- < 73.0-14 CVEs
- < 1.5.dfsg-13 CVEs
- < 150.0.2-13 CVEs
- < 65.0.1-13 CVEs
- < 92.0-13 CVEs
- < 1.5.0.22 CVEs
- < 1.5.dfsg+1.5.0.22 CVEs
- < 100.0.2-12 CVEs
- < 124.0.1-12 CVEs
- < 138.0.4-12 CVEs
- < 139.0.4-12 CVEs
- < 143.0.3-12 CVEs
- < 146.0.1-12 CVEs
- < 147.0.2-12 CVEs
- < 148.0.2-12 CVEs
- < 151.0.3-12 CVEs
- < 152.0.6-12 CVEs
- < 50.0.2-12 CVEs
- < 57.0.1-12 CVEs
- < 59.0.1-12 CVEs
- < 62.0.3-12 CVEs
- < 66.0.1-12 CVEs
- < 74.0.1-12 CVEs
- < 1.51 CVE
- < 1.5.0.2-11 CVE
- < 1.5.dfsg+1.5.0.3-11 CVE
- < 1.5.dfsg+1.5.0.3-21 CVE
- < 1.5.dfsg+1.5.0.41 CVE
- < 1.5.dfsg+1.5.0.6-11 CVE
- < 115.0.2-11 CVE
- < 117.0.1-11 CVE
- < 131.0.2-11 CVE
- < 131.0.3-11 CVE
- < 135.0.1-11 CVE
- < 137.0.2-11 CVE
- < 144.0.2-11 CVE
- < 147.0.4-11 CVE
- < 152.0.4-11 CVE
- < 58.0.1-11 CVE
- < 59.0.2-11 CVE
- < 60.0.2-11 CVE
- < 62.0.2-11 CVE
- < 67.0.3-11 CVE
- < 67.0.4-11 CVE
- < 68.0.2-11 CVE
- < 69.0.1-11 CVE
- < 72.0.1-11 CVE
- < 78.0.2-11 CVE
- < 82.0.3-11 CVE
- < 84.0.2-11 CVE
- < 88.0.1-11 CVE
- < 91.0.1-11 CVE
Fixed in
- 45.0-155 CVEs
- 148.0-149 CVEs
- 149.0-144 CVEs
- 150.0-140 CVEs
- 152.0-139 CVEs
- 52.0.1-137 CVEs
- 58.0-130 CVEs
- 151.0-127 CVEs
- 52.0-125 CVEs
- 55.0-125 CVEs
- 60.0-125 CVEs
- 68.0-122 CVEs
- 48.0-121 CVEs
- 51.0-121 CVEs
- 50.0-120 CVEs
- 54.0-120 CVEs
- 107.0-119 CVEs
- 49.0-118 CVEs
- 102.0-117 CVEs
- 59.0-117 CVEs
- 61.0-117 CVEs
- 66.0-117 CVEs
- 67.0-217 CVEs
- 69.0-117 CVEs
- 112.0-116 CVEs
- 121.0-116 CVEs
- 141.0-116 CVEs
- 145.0-116 CVEs
- 147.0-116 CVEs
- 56.0-116 CVEs
- 110.0-115 CVEs
- 126.0-115 CVEs
- 128.0-115 CVEs
- 57.0-115 CVEs
- 70.0-115 CVEs
- 83.0-115 CVEs
- 122.0-114 CVEs
- 125.0.1-114 CVEs
- 129.0-114 CVEs
- 134.0-114 CVEs
- 1.5.dfsg+1.5.0.2-213 CVEs
- 1.5.dfsg+1.5.0.4-113 CVEs
- 1.5.dfsg+1.5.0.5-113 CVEs
- 115.0-113 CVEs
- 127.0-113 CVEs
- 146.0-113 CVEs
- 50.1.0-113 CVEs
- 96.0-113 CVEs
- 99.0-113 CVEs
- 101.0-112 CVEs
- 116.0-112 CVEs
- 123.0-112 CVEs
- 47.0-112 CVEs
- 63.0-112 CVEs
- 74.0-112 CVEs
- 88.0-112 CVEs
- 1.5.dfsg+1.5.0.2-111 CVEs
- 113.0-111 CVEs
- 117.0-111 CVEs
- 124.0-111 CVEs
- 131.0-111 CVEs
- 132.0-111 CVEs
- 135.0-111 CVEs
- 64.0-111 CVEs
- 78.0-111 CVEs
- 84.0-111 CVEs
- 85.0-111 CVEs
- 94.0-111 CVEs
- 95.0-111 CVEs
- 120.0-110 CVEs
- 136.0-110 CVEs
- 140.0-110 CVEs
- 46.0-110 CVEs
- 86.0-110 CVEs
- 91.0-110 CVEs
- 1.5.dfsg+1.5.0.7-19 CVEs
- 106.0-19 CVEs
- 111.0-19 CVEs
- 119.0-19 CVEs
- 139.0-19 CVEs
- 143.0-19 CVEs
- 144.0-19 CVEs
- 79.0-19 CVEs
- 80.0-19 CVEs
- 87.0-19 CVEs
- 97.0-19 CVEs
- 1.5.dfsg+1.5.0.1-18 CVEs
- 100.0-18 CVEs
- 105.0-18 CVEs
- 109.0-18 CVEs
- 130.0-18 CVEs
- 133.0-18 CVEs
- 142.0-18 CVEs
- 62.0-18 CVEs
- 71.0-18 CVEs
- 76.0-18 CVEs
- 77.0-18 CVEs
- 93.0-18 CVEs
- 108.0-17 CVEs
- 118.0-17 CVEs
- 137.0-17 CVEs
- 138.0-17 CVEs
- 65.0-17 CVEs
- 72.0-17 CVEs
- 82.0-17 CVEs
- 90.0-17 CVEs
- 98.0-17 CVEs
- 103.0-16 CVEs
- 75.0-16 CVEs
- 81.0-16 CVEs
- 104.0-15 CVEs
- 149.0.2-15 CVEs
- 150.0.3-15 CVEs
- 89.0-15 CVEs
- 114.0-14 CVEs
- 150.0.1-14 CVEs
- 73.0-14 CVEs
- 1.5.dfsg-13 CVEs
- 150.0.2-13 CVEs
- 65.0.1-13 CVEs
- 92.0-13 CVEs
- 1.5.0.22 CVEs
- 1.5.dfsg+1.5.0.22 CVEs
- 100.0.2-12 CVEs
- 124.0.1-12 CVEs
- 138.0.4-12 CVEs
- 139.0.4-12 CVEs
- 143.0.3-12 CVEs
- 146.0.1-12 CVEs
- 147.0.2-12 CVEs
- 148.0.2-12 CVEs
- 151.0.3-12 CVEs
- 152.0.6-12 CVEs
- 50.0.2-12 CVEs
- 57.0.1-12 CVEs
- 59.0.1-12 CVEs
- 62.0.3-12 CVEs
- 66.0.1-12 CVEs
- 74.0.1-12 CVEs
- 1.51 CVE
- 1.5.0.2-11 CVE
- 1.5.dfsg+1.5.0.3-11 CVE
- 1.5.dfsg+1.5.0.3-21 CVE
- 1.5.dfsg+1.5.0.41 CVE
- 1.5.dfsg+1.5.0.6-11 CVE
- 115.0.2-11 CVE
- 117.0.1-11 CVE
- 131.0.2-11 CVE
- 131.0.3-11 CVE
- 135.0.1-11 CVE
- 137.0.2-11 CVE
- 144.0.2-11 CVE
- 147.0.4-11 CVE
- 152.0.4-11 CVE
- 58.0.1-11 CVE
- 59.0.2-11 CVE
- 60.0.2-11 CVE
- 62.0.2-11 CVE
- 67.0.3-11 CVE
- 67.0.4-11 CVE
- 68.0.2-11 CVE
- 69.0.1-11 CVE
- 72.0.1-11 CVE
- 78.0.2-11 CVE
- 82.0.3-11 CVE
- 84.0.2-11 CVE
- 88.0.1-11 CVE
- 91.0.1-11 CVE
1,942 CVEs
- Site isolation in the DOM: Navigation componentCVE-2026-15719PatchMedium · CVSS 5.4EPSS 0.1% (3th pct)2026-07-14
- Medium · CVSS 4.3EPSS 0.2% (5th pct)2026-07-14
- Critical · CVSS 9.8EPSS 0.2% (14th pct)2026-06-30
- Medium · CVSS 4.3EPSS 0.1% (1th pct)2026-06-16
- Medium · CVSS 6.5EPSS 0.1% (1th pct)2026-06-16
- High · CVSS 8.1EPSS 0.5% (38th pct)2026-06-16
- High · CVSS 8.1EPSS 0.4% (33th pct)2026-06-16
- High · CVSS 8.1EPSS 0.3% (16th pct)2026-06-16
- Medium · CVSS 6.5EPSS 0.2% (13th pct)2026-06-16
- High · CVSS 7.3EPSS 0.2% (11th pct)2026-06-16
- Medium · CVSS 5.4EPSS 0.2% (6th pct)2026-06-16
- Medium · CVSS 5.4EPSS 0.2% (6th pct)2026-06-16
- Medium · CVSS 5.4EPSS 0.2% (5th pct)2026-06-16
- Medium · CVSS 4.3EPSS 0.2% (8th pct)2026-06-16
- Medium · CVSS 6.5EPSS 0.2% (11th pct)2026-06-16
- High · CVSS 7.3EPSS 0.3% (18th pct)2026-06-16
- High · CVSS 7.5EPSS 0.3% (21th pct)2026-06-16
- Critical · CVSS 9.1EPSS 0.2% (16th pct)2026-06-16
- Critical · CVSS 9.1EPSS 0.3% (16th pct)2026-06-16
- High · CVSS 7.5EPSS 0.3% (17th pct)2026-06-16
- Medium · CVSS 4.7EPSS 0.2% (7th pct)2026-06-16
- High · CVSS 7.5EPSS 0.3% (17th pct)2026-06-16
- Medium · CVSS 4.7EPSS 0.2% (8th pct)2026-06-16
- High · CVSS 7.5EPSS 0.3% (17th pct)2026-06-16
- Medium · CVSS 6.5EPSS 0.2% (14th pct)2026-06-16
- Medium · CVSS 5.3EPSS 0.3% (18th pct)2026-06-16
- Medium · CVSS 5.3EPSS 0.3% (18th pct)2026-06-16
- Medium · CVSS 5.3EPSS 0.3% (18th pct)2026-06-16
- High · CVSS 7.5EPSS 0.4% (30th pct)2026-06-16
- Critical · CVSS 9.1EPSS 0.2% (9th pct)2026-06-16
Showing 30 of 1,942
Common weakness types
The CWE weakness categories most often found in Debian firefox CVEs. Follow any weakness for its full explanation.
- CWE-416Use After Free106 CVEs
- CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer84 CVEs
- CWE-787Out-of-bounds Write67 CVEs
- CWE-1021Improper Restriction of Rendered UI Layers or Frames27 CVEs
- CWE-693Protection Mechanism Failure26 CVEs
- CWE-200Exposure of Sensitive Information to an Unauthorized Actor25 CVEs
- CWE-125Out-of-bounds Read24 CVEs
- CWE-754Improper Check for Unusual or Exceptional Conditions23 CVEs
Disclosure activity by year
How many Debian firefox CVEs were published each year.
Other Debian products
Browse vulnerabilities for other products by Debian.
Frequently asked questions
Common questions about Debian firefox vulnerabilities.
- How many CVEs does Debian firefox have?
- Debian firefox has 1,942 published CVE records since 2005.
- How many Debian firefox CVEs are in CISA KEV?
- Yes — 11 of Debian firefox's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Are there public exploits for Debian firefox vulnerabilities?
- Yes — 144 of Debian firefox's CVEs have a known public exploit.
- Which versions of Debian firefox are affected?
- 336 distinct Debian firefox versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
- What are the most common weakness types in Debian firefox CVEs?
- Debian firefox's CVEs most often map to these CWE weakness types: CWE-416 (Use After Free), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-787 (Out-of-bounds Write), CWE-1021 (Improper Restriction of Rendered UI Layers or Frames).
- How many critical Debian firefox vulnerabilities are there?
- Debian firefox has 412 critical and 775 high-severity CVEs.
- What is the average severity of Debian firefox CVEs?
- The average CVSS base score across Debian firefox's scored CVEs is 7.5.
References
- All Debian vulnerabilities
- The MITRE CVE Program (opens in a new tab)
- Learn: What is a CVE?
- CWE directory: the weakness types these CVEs map to
Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.
Track Debian firefox vulnerabilities
Monitor new Debian firefox vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.