Homepage

firefox vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the firefox package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
CVE-2021-29993

<92.0.1-r0
  • H
HTTP Request Smuggling

<92.0.1-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<94.0-r0
  • M
CVE-2021-38491

<92.0.1-r0
  • M
Improper Restriction of Excessive Authentication Attempts

<92.0.1-r0
  • H
Use After Free

<90.0-r0
  • H
Use After Free

<93.0-r0
  • M
Origin Validation Error

<93.0-r0
  • H
CVE-2021-38494

<92.0.1-r0
  • H
CVE-2021-38499

<93.0-r0
  • H
Out-of-Bounds

<92.0.1-r0
  • M
Missing Release of Resource after Effective Lifetime

<92.0.1-r0
  • M
CVE-2021-29975

<90.0-r0
  • H
CVE-2021-29981

<92.0.1-r0
  • H
Out-of-bounds Write

<90.0-r0
  • M
CVE-2021-29974

<90.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<94.0-r0
  • M
Origin Validation Error

<94.0-r0
  • H
CVE-2021-38510

<94.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<94.0-r0
  • C
Race Condition

<93.0-r0
  • M
CVE-2021-29983

<92.0.1-r0
  • M
Exposure of Resource to Wrong Sphere

<94.0-r0
  • C
Incorrect Authorization

<94.0-r0
  • H
Use After Free

<94.0-r0
  • H
CVE-2021-38501

<93.0-r0
  • H
Use After Free

<93.0-r0
  • H
CVE-2021-38500

<93.0-r0
  • M
CVE-2021-38492

<92.0.1-r0
  • H
Missing Initialization of Resource

<92.0.1-r0
  • H
Interpretation Conflict

<92.0.1-r0
  • H
Race Condition

<92.0.1-r0
  • H
Use After Free

<92.0.1-r0
  • H
Out-of-bounds Write

<92.0.1-r0
  • H
Out-of-Bounds

<92.0.1-r0
  • H
CVE-2021-29984

<92.0.1-r0
  • H
Use After Free

<90.0-r0
  • H
Out-of-bounds Write

<90.0-r0
  • H
Out-of-bounds Write

<90.0-r0
  • H
Out-of-Bounds

<89.0-r0
  • M
Externally Controlled Reference to a Resource in Another Sphere

<89.0-r0
  • M
Improper Resource Shutdown or Release

<89.0-r0
  • M
Insufficient Verification of Data Authenticity

<89.0-r0
  • M
Incorrect Authorization

<89.0-r0
  • M
Missing Authorization

<89.0-r0
  • M
Incorrect Resource Transfer Between Spheres

<89.0-r0
  • H
Race Condition

<88.0.1-r0
  • H
Out-of-Bounds

<89.0-r0
  • H
Out-of-Bounds

<88.0-r0
  • M
Cross-site Scripting (XSS)

<88.0-r0
  • L
CVE-2021-24000

<88.0-r0
  • M
Exposure of Resource to Wrong Sphere

<88.0-r0
  • M
CVE-2021-23996

<88.0-r0
  • H
Incorrect Conversion between Numeric Types

<88.0-r0
  • H
Out-of-Bounds

<87.0-r0
  • M
Exposure of Resource to Wrong Sphere

<87.0-r0
  • M
Origin Validation Error

<87.0-r0
  • M
Out-of-Bounds

<87.0-r0
  • H
Out-of-Bounds

<87.0-r0
  • M
Time-of-check Time-of-use (TOCTOU)

<87.0-r0
  • H
Improper Restriction of Rendered UI Layers or Frames

<87.0-r0
  • M
Missing Authorization

<87.0-r0
  • M
CVE-2021-23974

<87.0-r0
  • H
CVE-2021-23972

<87.0-r0
  • M
CVE-2021-23971

<87.0-r0
  • M
Reachable Assertion

<87.0-r0
  • M
Incorrect Calculation

<88.0-r0
  • H
Integer Overflow or Wraparound

<88.0-r0
  • H
Arbitrary Argument Injection

<88.0-r0
  • H
Improper Privilege Management

<88.0-r0
  • M
Insufficient Verification of Data Authenticity

<88.0-r0
  • H
Operation on a Resource after Expiration or Release

<88.0-r0
  • H
Missing Initialization of Resource

<88.0-r0
  • H
Out-of-Bounds

<87.0-r0
  • M
Authentication Bypass

<87.0-r0
  • M
Inadequate Encryption Strength

<87.0-r0
  • H
Out-of-Bounds

<87.0-r0
  • H
CVE-2021-23978

<87.0-r0
  • M
Information Exposure

<87.0-r0
  • M
Information Exposure

<87.0-r0
  • M
CVE-2021-23969

<87.0-r0
  • H
Out-of-Bounds

<85.0-r0
  • M
Improper Preservation of Permissions

<85.0-r0
  • H
CVE-2021-23962

<85.0-r0
  • H
CVE-2021-23961

<85.0-r0
  • M
Cross-site Scripting (XSS)

<85.0-r0
  • M
Exposure of Resource to Wrong Sphere

<85.0-r0
  • H
CVE-2021-23957

<85.0-r0
  • M
CVE-2021-23956

<85.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<85.0-r0
  • H
CVE-2021-23960

<85.0-r0
  • H
Out-of-Bounds

<85.0-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<85.0-r0
  • H
Out-of-bounds Write

<84.0.1-r0
  • M
Open Redirect

<84.0.1-r0
  • M
CVE-2020-26977

<84.0.1-r0
  • M
CVE-2020-26975

<84.0.1-r0
  • M
CVE-2020-26976

<84.0.1-r0
  • C
Use After Free

<84.0.1-r0
  • H
Use After Free

<84.0.2-r0
  • H
CVE-2020-35112

<84.0.1-r0
  • H
Out-of-bounds Write

<84.0.1-r0
  • M
CVE-2020-26978

<84.0.1-r0
  • M
CVE-2020-35111

<84.0.1-r0
  • H
Out-of-bounds Write

<84.0.1-r0
  • H
Out-of-bounds Write

<84.0.1-r0
  • M
Information Exposure

<84.0.1-r0
  • H
CVE-2020-26973

<84.0.1-r0
  • C
CVE-2020-15684

<82.0-r0
  • M
Origin Validation Error

<82.0-r0
  • H
CVE-2020-15681

<82.0-r0
  • M
CVE-2020-15680

<82.0-r0
  • C
Out-of-Bounds

<82.0-r0
  • H
Out-of-bounds Write

<83.0-r0
  • M
CVE-2020-26967

<83.0-r0
  • M
CVE-2020-26964

<83.0-r0
  • M
CVE-2020-26963

<83.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<83.0-r0
  • M
Improper Initialization

<83.0-r0
  • M
Reliance on Cookies without Validation and Integrity Checking

<83.0-r0
  • M
CVE-2020-26954

<83.0-r0
  • H
Out-of-bounds Write

<83.0-r0
  • H
Out-of-bounds Write

<83.0-r0
  • M
Improper Cross-boundary Removal of Sensitive Data

<83.0-r0
  • M
CVE-2020-26966

<83.0-r0
  • M
CVE-2020-26961

<83.0-r0
  • H
Use After Free

<83.0-r0
  • H
Use After Free

<83.0-r0
  • M
Cross-site Scripting (XSS)

<83.0-r0
  • M
Cross-site Scripting (XSS)

<83.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<83.0-r0
  • H
Use After Free

<82.0.3-r0
  • M
CVE-2020-16012

<83.0-r0
  • H
Use After Free

<82.0-r0
  • C
CVE-2020-15683

<82.0-r0
  • M
Out-of-bounds Write

<83.0-r0
  • H
Buffer Overflow

<81.0-r0
  • H
Release of Invalid Pointer or Reference

<81.0-r0
  • H
Use After Free

<81.0-r0
  • M
Open Redirect

<81.0-r0
  • M
Cross-site Scripting (XSS)

<81.0-r0
  • H
Release of Invalid Pointer or Reference

<81.0-r0
  • H
Unrestricted Upload of File with Dangerous Type

<80.0-r0
  • M
Improper Locking

<80.0-r0
  • M
CVE-2020-15665

<80.0-r0
  • M
Information Exposure

<80.0-r0
  • H
Release of Invalid Pointer or Reference

<80.0-r0
  • M
Incorrect Authorization

<80.0-r0
  • H
Improper Privilege Management

<80.0-r0
  • M
Information Exposure

<80.0-r0
  • M
Use of a Broken or Risky Cryptographic Algorithm

<80.0-r0
  • M
CVE-2020-6829

<80.0-r0
  • H
Use After Free

<79.0-r0
  • M
CVE-2020-6514

<79.0-r0
  • M
Origin Validation Error

<79.0-r0
  • M
CVE-2020-15653

<79.0-r0
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<79.0-r0
  • M
Information Exposure

<79.0-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<79.0-r0
  • H
Uncontrolled Search Path Element

<79.0-r0
  • M
Improper Check for Unusual or Exceptional Conditions

<79.0-r0
  • H
Out-of-bounds Write

<79.0-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<71.0.1-r0
  • M
Improper Input Validation

<71.0.1-r0
  • H
Out-of-bounds Write

<71.0.1-r0
  • C
Improper Privilege Management

<75.0-r0
  • L
Session Fixation

<75.0-r0
  • C
Out-of-Bounds

<75.0-r0
  • M
Authentication Bypass

<74.0-r0
  • H
Information Exposure

<74.0-r0
  • M
Authentication Bypass

<74.0-r0
  • M
CVE-2020-6813

<74.0-r0
  • C
Out-of-Bounds

<74.0-r0
  • M
Information Exposure

<77.0-r0
  • M
Arbitrary Code Injection

<77.0-r0
  • H
CVE-2020-12409

<77.0-r0
  • H
Out-of-Bounds

<77.0-r0
  • C
Deserialization of Untrusted Data

<76.0-r0
  • H
Improper Input Validation

<76.0-r0
  • L
Improper Input Validation

<76.0-r0
  • C
Out-of-Bounds

<76.0-r0
  • H
Out-of-bounds Write

<70.0-r0
  • M
Incorrect Default Permissions

<70.0-r0
  • M
Cross-site Scripting (XSS)

<70.0-r0
  • M
Cross-site Scripting (XSS)

<70.0-r0
  • M
Improper Input Validation

<70.0-r0
  • M
Incorrect Default Permissions

<78.0-r0
  • H
Use After Free

<78.0-r0
  • H
Out-of-bounds Write

<78.0-r0
  • H
Uncontrolled Search Path Element

<78.0-r0
  • M
Incorrect Default Permissions

<78.0-r0
  • M
Out-of-bounds Read

<78.0-r0
  • H
Out-of-Bounds

<78.0-r0
  • M
Information Exposure

<77.0-r0
  • M
Use After Free

<77.0-r0
  • H
Insufficient Verification of Data Authenticity

<77.0-r0
  • M
Out-of-bounds Read

<74.0-r0
  • H
Use After Free

<74.0-r0
  • H
Out-of-bounds Read

<74.0-r0
  • H
Use After Free

<74.0-r0
  • H
Arbitrary Code Injection

<74.0-r0
  • M
Information Exposure

<74.0-r0
  • C
Out-of-Bounds

<74.0-r0
  • H
Out-of-Bounds

<75.0-r0
  • M
Use of a Broken or Risky Cryptographic Algorithm

<78.0-r0
  • H
Out-of-bounds Write

<75.0-r0
  • C
Out-of-Bounds

<75.0-r0
  • H
Use After Free

<74.0.1-r0
  • M
Improper Authentication

<71.0.1-r0
  • H
Double Free

<74.0.1-r0
  • H
Out-of-Bounds

<78.0-r0
  • M
Out-of-bounds Read

<78.0-r0
  • H
Use After Free

<78.0-r0
  • H
Use After Free

<78.0-r0
  • M
Improper Certificate Validation

<78.0-r0
  • H
Race Condition

<76.0-r0
  • C
Improper Input Validation

<76.0-r0
  • C
Improper Input Validation

<76.0-r0
  • M
Information Exposure

<76.0-r0
  • H
Arbitrary Code Injection

<76.0-r0
  • C
Out-of-Bounds

<76.0-r0
  • C
Buffer Overflow

<76.0-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<71.0.1-r0
  • H
Buffer Overflow

<71.0.1-r0
  • M
Cross-site Scripting (XSS)

<71.0.1-r0
  • M
Cross-site Scripting (XSS)

<71.0.1-r0
  • M
Origin Validation Error

<70.0-r0
  • M
Race Condition

<70.0-r0
  • M
Cross-site Scripting (XSS)

<70.0-r0
  • H
Use After Free

<70.0-r0
  • H
Out-of-bounds Write

<70.0-r0
  • H
Use After Free

<70.0-r0
  • H
Buffer Overflow

<70.0-r0
  • H
Out-of-bounds Read

<70.0-r0
  • C
Improper Authentication

<68.0.2-r0