Homepage

firefox vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the firefox package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
CVE-2024-11699

<0:128.5.1-1.el8_10
  • H
CVE-2024-11697

<0:128.5.1-1.el8_10
  • H
CVE-2024-11696

<0:128.5.1-1.el8_10
  • H
CVE-2024-11695

<0:128.5.1-1.el8_10
  • H
CVE-2024-11694

<0:128.5.1-1.el8_10
  • H
CVE-2024-11692

<0:128.5.1-1.el8_10
  • M
Out-of-bounds Write

<0:128.4.0-1.el8_10
  • M
CVE-2024-10466

<0:128.4.0-1.el8_10
  • M
Authentication Bypass

<0:128.4.0-1.el8_10
  • M
Out-of-bounds Read

<0:128.4.0-1.el8_10
  • M
Information Exposure

<0:128.4.0-1.el8_10
  • M
Authentication Bypass

<0:128.4.0-1.el8_10
  • M
Cross-site Scripting (XSS)

<0:128.4.0-1.el8_10
  • M
CVE-2024-10460

<0:128.4.0-1.el8_10
  • M
Use After Free

<0:128.4.0-1.el8_10
  • M
CVE-2024-10458

<0:128.4.0-1.el8_10
  • H
Use After Free

<0:128.3.1-2.el8_10.alma.1
  • H
CVE-2024-9402

<0:128.3.0-1.el8_10.alma.1
  • H
CVE-2024-9401

<0:128.3.0-1.el8_10.alma.1
  • H
CVE-2024-9400

<0:128.3.0-1.el8_10.alma.1
  • H
CVE-2024-9399

<0:128.3.0-1.el8_10.alma.1
  • H
CVE-2024-9398

<0:128.3.0-1.el8_10.alma.1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:128.3.0-1.el8_10.alma.1
  • H
CVE-2024-9396

<0:128.3.0-1.el8_10.alma.1
  • H
CVE-2024-9394

<0:128.3.0-1.el8_10.alma.1
  • H
CVE-2024-9393

<0:128.3.0-1.el8_10.alma.1
  • H
CVE-2024-9392

<0:128.3.0-1.el8_10.alma.1
  • H
CVE-2024-8900

<0:128.3.0-1.el8_10.alma.1
  • H
Out-of-bounds Write

<0:128.2.0-1.el8_10.alma.1
  • H
Open Redirect

<0:128.2.0-1.el8_10.alma.1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.el8_10.alma.1
  • H
Out-of-bounds Write

<0:128.2.0-1.el8_10.alma.1
  • H
CVE-2024-8383

<0:128.2.0-1.el8_10.alma.1
  • H
CVE-2024-8382

<0:128.2.0-1.el8_10.alma.1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.el8_10.alma.1
  • H
CVE-2024-7652

<0:128.2.0-1.el8_10.alma.1
  • H
CVE-2024-7529

<0:115.14.0-2.el8_10.alma.1
  • H
Use After Free

<0:115.14.0-2.el8_10.alma.1
  • H
Use After Free

<0:115.14.0-2.el8_10.alma.1
  • H
Use of Uninitialized Resource

<0:115.14.0-2.el8_10.alma.1
  • H
Incorrect Default Permissions

<0:115.14.0-2.el8_10.alma.1
  • H
Cross-site Scripting (XSS)

<0:115.14.0-2.el8_10.alma.1
  • H
Out-of-bounds Read

<0:115.14.0-2.el8_10.alma.1
  • H
Improper Handling of Exceptional Conditions

<0:115.14.0-2.el8_10.alma.1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:115.14.0-2.el8_10.alma.1
  • H
Out-of-bounds Write

<0:115.14.0-2.el8_10.alma.1
  • H
CVE-2024-7518

<0:115.14.0-2.el8_10.alma.1
  • H
CVE-2024-6604

<0:115.13.0-3.el8_10.alma.1
  • H
CVE-2024-6603

<0:115.13.0-3.el8_10.alma.1
  • H
CVE-2024-6601

<0:115.13.0-3.el8_10.alma.1
  • M
CVE-2024-4777

<0:115.11.0-1.el8_10.alma.1
  • M
CVE-2024-4770

<0:115.11.0-1.el8_10.alma.1
  • M
CVE-2024-4769

<0:115.11.0-1.el8_10.alma.1
  • M
CVE-2024-4768

<0:115.11.0-1.el8_10.alma.1
  • M
CVE-2024-4767

<0:115.11.0-1.el8_10.alma.1
  • M
CVE-2024-4367

<0:115.11.0-1.el8_10.alma.1
  • H
CVE-2024-5702

<0:115.12.0-1.el8_10.alma.1
  • H
CVE-2024-5700

<0:115.12.0-1.el8_10.alma.1
  • H
CVE-2024-5696

<0:115.12.0-1.el8_10.alma.1
  • H
CVE-2024-5693

<0:115.12.0-1.el8_10.alma.1
  • H
CVE-2024-5691

<0:115.12.0-1.el8_10.alma.1
  • H
Information Exposure

<0:115.12.0-1.el8_10.alma.1
  • H
CVE-2024-5688

<0:115.12.0-1.el8_10.alma.1
  • H
CVE-2024-3864

<0:115.10.0-1.el8_9.alma.1
  • H
CVE-2024-3861

<0:115.10.0-1.el8_9.alma.1
  • H
CVE-2024-3859

<0:115.10.0-1.el8_9.alma.1
  • H
CVE-2024-3857

<0:115.10.0-1.el8_9.alma.1
  • H
CVE-2024-3854

<0:115.10.0-1.el8_9.alma.1
  • H
CVE-2024-3852

<0:115.10.0-1.el8_9.alma.1
  • H
CVE-2024-2609

<0:115.10.0-1.el8_9.alma.1
  • C
CVE-2024-29944

<0:115.9.1-1.el8_9.alma.1
  • C
CVE-2024-2616

<0:115.9.1-1.el8_9.alma.1
  • C
CVE-2024-2614

<0:115.9.1-1.el8_9.alma.1
  • C
CVE-2024-2612

<0:115.9.1-1.el8_9.alma.1
  • C
CVE-2024-2611

<0:115.9.1-1.el8_9.alma.1
  • C
CVE-2024-2610

<0:115.9.1-1.el8_9.alma.1
  • C
CVE-2024-2608

<0:115.9.1-1.el8_9.alma.1
  • C
CVE-2024-2607

<0:115.9.1-1.el8_9.alma.1
  • C
Unchecked Return Value

<0:115.9.1-1.el8_9.alma.1
  • C
CVE-2023-5388

<0:115.9.1-1.el8_9.alma.1
  • H
CVE-2024-1553

<0:115.8.0-1.el8_9.alma
  • H
Incorrect Conversion between Numeric Types

<0:115.8.0-1.el8_9.alma
  • H
CVE-2024-1551

<0:115.8.0-1.el8_9.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.8.0-1.el8_9.alma
  • H
CVE-2024-1549

<0:115.8.0-1.el8_9.alma
  • H
CVE-2024-1548

<0:115.8.0-1.el8_9.alma
  • H
CVE-2024-1547

<0:115.8.0-1.el8_9.alma
  • H
CVE-2024-1546

<0:115.8.0-1.el8_9.alma
  • H
CVE-2024-0755

<0:115.7.0-1.el8_9.alma.1
  • H
CVE-2024-0753

<0:115.7.0-1.el8_9.alma.1
  • H
Improper Privilege Management

<0:115.7.0-1.el8_9.alma.1
  • H
CVE-2024-0750

<0:115.7.0-1.el8_9.alma.1
  • H
Origin Validation Error

<0:115.7.0-1.el8_9.alma.1
  • H
CVE-2024-0747

<0:115.7.0-1.el8_9.alma.1
  • H
CVE-2024-0746

<0:115.7.0-1.el8_9.alma.1
  • H
CVE-2024-0742

<0:115.7.0-1.el8_9.alma.1
  • H
Out-of-bounds Write

<0:115.7.0-1.el8_9.alma.1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.6.0-1.el8_9.alma
  • H
CVE-2023-6865

<0:115.6.0-1.el8_9.alma
  • H
Out-of-bounds Write

<0:115.6.0-1.el8_9.alma
  • H
CVE-2023-6863

<0:115.6.0-1.el8_9.alma
  • H
Use After Free

<0:115.6.0-1.el8_9.alma
  • H
Out-of-bounds Write

<0:115.6.0-1.el8_9.alma
  • H
CVE-2023-6860

<0:115.6.0-1.el8_9.alma
  • H
Use After Free

<0:115.6.0-1.el8_9.alma
  • H
Out-of-bounds Write

<0:115.6.0-1.el8_9.alma
  • H
Race Condition

<0:115.6.0-1.el8_9.alma
  • H
Out-of-bounds Write

<0:115.6.0-1.el8_9.alma
  • H
Out-of-bounds Write

<0:115.5.0-1.el8_9.alma.1
  • H
Directory Traversal

<0:115.5.0-1.el8_9.alma.1
  • H
CVE-2023-6208

<0:115.5.0-1.el8_9.alma.1
  • H
Use After Free

<0:115.5.0-1.el8_9.alma.1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.5.0-1.el8_9.alma.1
  • H
Use After Free

<0:115.5.0-1.el8_9.alma.1
  • H
Out-of-bounds Read

<0:115.5.0-1.el8_9.alma.1
  • H
CVE-2023-5732

<0:115.4.0-1.el8_8.alma.1
  • H
Out-of-bounds Write

<0:115.4.0-1.el8_8.alma.1
  • H
CVE-2023-5728

<0:115.4.0-1.el8_8.alma.1
  • H
CVE-2023-5725

<0:115.4.0-1.el8_8.alma.1
  • H
CVE-2023-5724

<0:115.4.0-1.el8_8.alma.1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.4.0-1.el8_8.alma.1
  • H
Improper Handling of Exceptional Conditions

<0:115.4.0-1.el8_8.alma.1
  • H
Out-of-bounds Write

<0:102.15.1-1.el8_8.alma
  • H
Out-of-bounds Write

<0:102.15.0-1.el8_8.alma
  • H
Out-of-bounds Write

<0:102.15.0-1.el8_8.alma
  • H
CVE-2023-4583

<0:102.15.0-1.el8_8.alma
  • H
CVE-2023-4581

<0:102.15.0-1.el8_8.alma
  • H
Missing Encryption of Sensitive Data

<0:102.15.0-1.el8_8.alma
  • H
Allocation of Resources Without Limits or Throttling

<0:102.15.0-1.el8_8.alma
  • H
CVE-2023-4577

<0:102.15.0-1.el8_8.alma
  • H
Use After Free

<0:102.15.0-1.el8_8.alma
  • H
Use After Free

<0:102.15.0-1.el8_8.alma
  • H
Use After Free

<0:102.15.0-1.el8_8.alma
  • H
Link Following

<0:102.15.0-1.el8_8.alma
  • H
CVE-2023-4051

<0:102.15.0-1.el8_8.alma
  • H
Out-of-bounds Write

<0:102.14.0-1.el8_8.alma
  • H
Out-of-bounds Write

<0:102.14.0-1.el8_8.alma
  • H
CVE-2023-4055

<0:102.14.0-1.el8_8.alma
  • H
Out-of-bounds Write

<0:102.14.0-1.el8_8.alma
  • H
Race Condition

<0:102.14.0-1.el8_8.alma
  • H
Out-of-bounds Read

<0:102.14.0-1.el8_8.alma
  • H
CVE-2023-4047

<0:102.14.0-1.el8_8.alma
  • H
CVE-2023-4046

<0:102.14.0-1.el8_8.alma
  • H
Origin Validation Error

<0:102.14.0-1.el8_8.alma
  • H
Out-of-bounds Write

<0:102.13.0-2.el8_8.alma
  • H
CVE-2023-37208

<0:102.13.0-2.el8_8.alma
  • H
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<0:102.13.0-2.el8_8.alma
  • H
Use After Free

<0:102.13.0-2.el8_8.alma
  • H
Use After Free

<0:102.13.0-2.el8_8.alma
  • H
Out-of-bounds Write

<0:102.12.0-1.el8_8.alma
  • H
Improper Certificate Validation

<0:102.12.0-1.el8_8.alma
  • H
Out-of-bounds Write

<0:102.5.0-1.el8_7.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-1.el8_7.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-1.el8_7.alma
  • H
Information Exposure

<0:102.5.0-1.el8_7.alma
  • H
Link Following

<0:102.5.0-1.el8_7.alma
  • H
Cross-site Scripting (XSS)

<0:102.5.0-1.el8_7.alma
  • H
CVE-2022-45410

<0:102.5.0-1.el8_7.alma
  • H
Use After Free

<0:102.5.0-1.el8_7.alma
  • H
CVE-2022-45408

<0:102.5.0-1.el8_7.alma
  • H
Use After Free

<0:102.5.0-1.el8_7.alma
  • H
Use After Free

<0:102.5.0-1.el8_7.alma
  • H
CVE-2022-45404

<0:102.5.0-1.el8_7.alma
  • H
Information Exposure

<0:102.5.0-1.el8_7.alma
  • H
Out-of-bounds Write

<0:102.7.0-1.el8_7.alma
  • H
CVE-2023-23603

<0:102.7.0-1.el8_7.alma
  • H
Improper Check for Unusual or Exceptional Conditions

<0:102.7.0-1.el8_7.alma
  • H
Origin Validation Error

<0:102.7.0-1.el8_7.alma
  • H
Improper Encoding or Escaping of Output

<0:102.7.0-1.el8_7.alma
  • H
CVE-2023-23598

<0:102.7.0-1.el8_7.alma
  • H
CVE-2022-46877

<0:102.7.0-1.el8_7.alma
  • H
CVE-2022-46871

<0:102.7.0-1.el8_7.alma
  • H
CVE-2022-36319

<0:91.12.0-2.el8_6.alma
  • H
Race Condition

<0:91.12.0-2.el8_6.alma
  • H
Out-of-bounds Write

<0:91.12.0-2.el8_6.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.4.0-1.el8_5.alma
  • H
Excessive Iteration

<0:91.4.0-1.el8_5.alma
  • H
Cross-site Scripting (XSS)

<0:91.4.0-1.el8_5.alma
  • H
Information Exposure

<0:91.4.0-1.el8_5.alma
  • H
CVE-2021-43541

<0:91.4.0-1.el8_5.alma
  • H
Use After Free

<0:91.4.0-1.el8_5.alma
  • H
Race Condition

<0:91.4.0-1.el8_5.alma
  • H
Incorrect Type Conversion or Cast

<0:91.4.0-1.el8_5.alma
  • H
Information Exposure

<0:91.4.0-1.el8_5.alma
  • H
Use After Free

<0:102.6.0-1.el8_7.alma
  • H
Out-of-bounds Write

<0:102.6.0-1.el8_7.alma
  • H
Use After Free

<0:102.6.0-1.el8_7.alma
  • H
Out-of-bounds Write

<0:102.6.0-1.el8_7.alma
  • H
CVE-2022-46874

<0:102.6.0-1.el8_7.alma
  • H
CVE-2022-46872

<0:102.6.0-1.el8_7.alma
  • H
CVE-2023-29550

<0:102.10.0-1.el8_7.alma
  • H
CVE-2023-29548

<0:102.10.0-1.el8_7.alma
  • H
Improper Encoding or Escaping of Output

<0:102.10.0-1.el8_7.alma
  • H
NULL Pointer Dereference

<0:102.10.0-1.el8_7.alma
  • H
Use After Free

<0:102.10.0-1.el8_7.alma
  • H
CVE-2023-29535

<0:102.10.0-1.el8_7.alma
  • H
CVE-2023-29533

<0:102.10.0-1.el8_7.alma
  • H
Out-of-bounds Write

<0:102.10.0-1.el8_7.alma
  • H
Out-of-bounds Write

<0:102.4.0-1.el8_6.alma
  • H
CVE-2022-42929

<0:102.4.0-1.el8_6.alma
  • H
NULL Pointer Dereference

<0:102.4.0-1.el8_6.alma
  • H
Origin Validation Error

<0:102.4.0-1.el8_6.alma
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.9.1-1.el8_6.alma
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.9.1-1.el8_6.alma
  • H
Out-of-bounds Write

<0:102.8.0-2.el8_7.alma
  • H
Out-of-bounds Write

<0:102.8.0-2.el8_7.alma
  • H
Authentication Bypass

<0:102.8.0-2.el8_7.alma
  • H
CVE-2023-25742

<0:102.8.0-2.el8_7.alma
  • H
Use After Free

<0:102.8.0-2.el8_7.alma
  • H
CVE-2023-25737

<0:102.8.0-2.el8_7.alma
  • H
Use After Free

<0:102.8.0-2.el8_7.alma
  • H
Out-of-bounds Write

<0:102.8.0-2.el8_7.alma
  • H
CVE-2023-25730

<0:102.8.0-2.el8_7.alma
  • H
CVE-2023-25729

<0:102.8.0-2.el8_7.alma
  • H
CVE-2023-25728

<0:102.8.0-2.el8_7.alma
  • H
Out-of-bounds Write

<0:91.5.0-1.el8_5.alma
  • H
CVE-2022-22748

<0:91.5.0-1.el8_5.alma
  • H
Improper Certificate Validation

<0:91.5.0-1.el8_5.alma
  • H
CVE-2022-22745

<0:91.5.0-1.el8_5.alma
  • H
CVE-2022-22743

<0:91.5.0-1.el8_5.alma
  • H
Out-of-bounds Read

<0:91.5.0-1.el8_5.alma
  • H
CVE-2022-22741

<0:91.5.0-1.el8_5.alma
  • H
Use After Free

<0:91.5.0-1.el8_5.alma
  • H
CVE-2022-22739

<0:91.5.0-1.el8_5.alma
  • H
Out-of-bounds Write

<0:91.5.0-1.el8_5.alma
  • H
Race Condition

<0:91.5.0-1.el8_5.alma
  • H
XML Injection

<0:91.5.0-1.el8_5.alma
  • H
Use After Free

<0:102.3.0-7.el8_6.alma
  • H
Out-of-bounds Write

<0:102.9.0-3.el8_7.alma
  • H
CVE-2023-28164

<0:102.9.0-3.el8_7.alma
  • H
Incorrect Type Conversion or Cast

<0:102.9.0-3.el8_7.alma
  • H
CVE-2023-25752

<0:102.9.0-3.el8_7.alma
  • H
CVE-2023-25751

<0:102.9.0-3.el8_7.alma
  • H
Out-of-bounds Write

<0:91.9.0-1.el8_5.alma
  • H
CVE-2022-29916

<0:91.9.0-1.el8_5.alma
  • H
CVE-2022-29914

<0:91.9.0-1.el8_5.alma
  • H
Open Redirect

<0:91.9.0-1.el8_5.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.9.0-1.el8_5.alma
  • H
Incorrect Default Permissions

<0:91.9.0-1.el8_5.alma
  • C
Use After Free

<0:91.7.0-3.el8_5.alma
  • C
Use After Free

<0:91.7.0-3.el8_5.alma
  • C
Time-of-check Time-of-use (TOCTOU)

<0:91.7.0-3.el8_5.alma
  • C
CVE-2022-26386

<0:91.7.0-3.el8_5.alma
  • C
CVE-2022-26384

<0:91.7.0-3.el8_5.alma
  • C
CVE-2022-26383

<0:91.7.0-3.el8_5.alma
  • C
Use After Free

<0:91.7.0-3.el8_5.alma
  • H
Out-of-bounds Write

<0:102.3.0-6.el8_6.alma
  • H
Use After Free

<0:102.3.0-6.el8_6.alma
  • H
Insecure Storage of Sensitive Information

<0:102.3.0-6.el8_6.alma
  • H
Arbitrary Code Injection

<0:102.3.0-6.el8_6.alma
  • H
CVE-2022-40957

<0:102.3.0-6.el8_6.alma
  • H
Cross-site Scripting (XSS)

<0:102.3.0-6.el8_6.alma
  • H
Out-of-bounds Write

<0:91.8.0-1.el8_5.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.8.0-1.el8_5.alma
  • H
Out-of-bounds Read

<0:91.8.0-1.el8_5.alma
  • H
Use After Free

<0:91.8.0-1.el8_5.alma
  • H
Out-of-bounds Write

<0:91.8.0-1.el8_5.alma
  • H
Inefficient Regular Expression Complexity

<0:91.8.0-1.el8_5.alma
  • H
Use After Free

<0:91.8.0-1.el8_5.alma
  • H
Use After Free

<0:91.8.0-1.el8_5.alma
  • H
Out-of-bounds Write

<0:91.6.0-1.el8_5.alma
  • H
CVE-2022-22763

<0:91.6.0-1.el8_5.alma
  • H
CVE-2022-22761

<0:91.6.0-1.el8_5.alma
  • H
Information Exposure

<0:91.6.0-1.el8_5.alma
  • H
CVE-2022-22759

<0:91.6.0-1.el8_5.alma
  • H
CVE-2022-22756

<0:91.6.0-1.el8_5.alma
  • H
Incorrect Authorization

<0:91.6.0-1.el8_5.alma
  • H
CVE-2023-0767

<0:102.8.0-2.el8_7.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.3.0-1.el8_4.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.3.0-1.el8_4.alma
  • H
Origin Validation Error

<0:91.3.0-1.el8_4.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.3.0-1.el8_4.alma
  • H
Use After Free

<0:91.3.0-1.el8_4.alma
  • H
Incorrect Authorization

<0:91.3.0-1.el8_4.alma
  • C
Integer Overflow or Wraparound

<0:91.7.0-3.el8_5.alma
  • C
Exposure of Resource to Wrong Sphere

<0:91.7.0-3.el8_5.alma
  • C
Improper Encoding or Escaping of Output

<0:91.7.0-3.el8_5.alma
  • H
Out-of-bounds Write

<0:102.11.0-2.el8_7.alma
  • H
Use of Uninitialized Resource

<0:102.11.0-2.el8_7.alma
  • H
CVE-2023-32212

<0:102.11.0-2.el8_7.alma
  • H
CVE-2023-32211

<0:102.11.0-2.el8_7.alma
  • H
Authentication Bypass

<0:102.11.0-2.el8_7.alma
  • H
Out-of-bounds Read

<0:102.11.0-2.el8_7.alma
  • H
CVE-2023-32205

<0:102.11.0-2.el8_7.alma
  • H
Out-of-bounds Write

<0:91.13.0-1.el8_6.alma
  • H
Out-of-bounds Write

<0:91.13.0-1.el8_6.alma
  • H
Use After Free

<0:91.13.0-1.el8_6.alma
  • H
Improper Preservation of Permissions

<0:91.13.0-1.el8_6.alma
  • H
Origin Validation Error

<0:91.13.0-1.el8_6.alma