firefox vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the firefox package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Neutralization of Null Byte or NUL Character	<0:140.4.0-1.amzn2023.0.4
H Integer Overflow or Wraparound	<0:128.10.0-1.amzn2023.0.2
H Exposure of System Data to an Unauthorized Control Sphere	<0:140.4.0-1.amzn2023.0.2
H Use After Free	<0:140.4.0-1.amzn2023.0.2
H Out-of-bounds Read	<0:140.4.0-1.amzn2023.0.2
H Out-of-Bounds	<0:140.4.0-1.amzn2023.0.2
H Improper Access Control	<0:140.4.0-1.amzn2023.0.2
H Out-of-Bounds	<0:140.4.0-1.amzn2023.0.2
H Interpretation Conflict	<0:140.4.0-1.amzn2023.0.2
H Access of Uninitialized Pointer	<0:140.3.0-1.amzn2023.0.1
H Out-of-bounds Read	<0:140.3.0-1.amzn2023.0.1
H Use After Free	<0:140.3.0-1.amzn2023.0.1
H Allocation of Resources Without Limits or Throttling	<0:140.3.0-1.amzn2023.0.1
H CVE-2025-10536	<0:140.3.0-1.amzn2023.0.1
H CVE-2025-10537	<0:140.3.0-1.amzn2023.0.1
H CVE-2025-10529	<0:140.3.0-1.amzn2023.0.1
H Integer Overflow or Wraparound	<0:140.3.0-1.amzn2023.0.1
H Out-of-Bounds	<0:140.2.0-1.amzn2023.0.1
H Resource Exhaustion	<0:140.2.0-1.amzn2023.0.1
H User Interface (UI) Misrepresentation of Critical Information	<0:140.2.0-1.amzn2023.0.1
H Improper Initialization	<0:140.2.0-1.amzn2023.0.1
H Out-of-Bounds	<0:140.2.0-1.amzn2023.0.1
H Out-of-Bounds	<0:140.2.0-1.amzn2023.0.1
H Improper Input Validation	<0:140.2.0-1.amzn2023.0.1
H Information Exposure	<0:140.2.0-1.amzn2023.0.1
H Insufficient Protection Against Instruction Skipping Via Fault Injection	<0:140.1.0-1.amzn2023.0.2
H Out-of-Bounds	<0:140.1.0-1.amzn2023.0.2
H Incorrect Default Permissions	<0:140.1.0-1.amzn2023.0.2
H Out-of-Bounds	<0:140.1.0-1.amzn2023.0.2
H Protection Mechanism Failure	<0:140.1.0-1.amzn2023.0.2
H Use of Uninitialized Variable	<0:140.1.0-1.amzn2023.0.2
H Arbitrary Code Injection	<0:140.1.0-1.amzn2023.0.2
H Cross-site Scripting (XSS)	<0:140.1.0-1.amzn2023.0.2
H NULL Pointer Dereference	<0:140.1.0-1.amzn2023.0.2
H Information Exposure	<0:128.12.0-1.amzn2023.0.1
H Use of Incorrectly-Resolved Name or Reference	<0:128.12.0-1.amzn2023.0.1
H Use After Free	<0:128.12.0-1.amzn2023.0.1
H Cross-site Scripting (XSS)	<0:128.12.0-1.amzn2023.0.1
H Improper Encoding or Escaping of Output	<0:128.11.0-1.amzn2023.0.2
H Out-of-bounds Write	<0:128.11.0-1.amzn2023.0.2
H Improper Restriction of Rendered UI Layers or Frames	<0:128.11.0-1.amzn2023.0.2
H Out-of-Bounds	<0:128.11.0-1.amzn2023.0.2
H Out-of-Bounds	<0:128.11.0-1.amzn2023.0.2
H Out-of-bounds Write	<0:128.11.0-1.amzn2023.0.2
H Inclusion of Functionality from Untrusted Control Sphere	<0:128.11.0-1.amzn2023.0.2
H Inclusion of Functionality from Untrusted Control Sphere	<0:128.11.0-1.amzn2023.0.2
H Improper Encoding or Escaping of Output	<0:128.11.0-1.amzn2023.0.2
H Out-of-bounds Read	<0:128.10.0-1.amzn2023.0.2
H Integer Overflow or Wraparound	<0:128.10.0-1.amzn2023.0.2
H Buffer Overflow	<0:128.10.0-1.amzn2023.0.2
H Buffer Overflow	<0:128.10.0-1.amzn2023.0.2
H Insufficient Compartmentalization	<0:128.10.0-1.amzn2023.0.2
H Buffer Overflow	<0:128.9.0-1.amzn2023.0.1
H Use After Free	<0:128.9.0-1.amzn2023.0.1
H Origin Validation Error	<0:128.9.0-1.amzn2023.0.1

Vulnerability

Vulnerable Version

Improper Neutralization of Null Byte or NUL Character

<0:140.4.0-1.amzn2023.0.4