firefox vulnerabilities

Known vulnerabilities in the firefox package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Use of Insufficiently Random Values	*
H Numeric Truncation Error	*
L Missing Synchronization	*
L NULL Pointer Dereference	*
L User Interface (UI) Misrepresentation of Critical Information	*
L Out-of-bounds Read	*
L Double Free	*
L Race Condition	*
L Improper Validation of Specified Quantity in Input	*
L Uncontrolled Memory Allocation	*
L Improper Check for Unusual or Exceptional Conditions	*
L Information Exposure	*
M Exposure of System Data to an Unauthorized Control Sphere	*
M Information Exposure	*
M User Interface (UI) Misrepresentation of Critical Information	*
M Use After Free	*
M Out-of-Bounds	*
M Buffer Overflow	*
M Use After Free	*
M Buffer Overflow	*
M Out-of-Bounds	*
M Use After Free	*
M Open Redirect	*
M Unintended Proxy or Intermediary ('Confused Deputy')	*
M Out-of-Bounds	*
M Improper Restriction of Rendered UI Layers or Frames	*
M Access of Uninitialized Pointer	*
M Missing Authentication for Critical Function	*
H Buffer Overflow	*
H Buffer Overflow	*
H Buffer Overflow	*
H Use After Free	*
H Buffer Overflow	*
H Use After Free	*
H Buffer Overflow	*
H Arbitrary Code Injection	*
H Arbitrary Code Injection	*
H Buffer Overflow	*
H Buffer Overflow	*
H Improper Restriction of Rendered UI Layers or Frames	*
H Buffer Overflow	*
M HTTP Request Smuggling	*
L HTTP Request Smuggling	*
L Improper Input Validation	*
M Information Exposure	<0:128.12.0-1.el10_0
M Cross-site Scripting (XSS)	<0:128.12.0-1.el10_0
M Use of Incorrectly-Resolved Name or Reference	<0:128.12.0-1.el10_0
H Use After Free	<0:128.12.0-1.el10_0
L Improper Resource Shutdown or Release	*
L Use After Free	*
L Reachable Assertion	*
H Double Free	<0:128.11.0-1.el10_0
L Improper Check for Unusual or Exceptional Conditions	*
L Improper Restriction of Rendered UI Layers or Frames	*
M Improper Cleanup on Thrown Exception	*
H Buffer Overflow	*
H Buffer Overflow	*
H Use After Free	*
H Use After Free	*
H Access of Resource Using Incompatible Type ('Type Confusion')	*
H Out-of-bounds Read	*
M Allocation of Resources Without Limits or Throttling	*
L Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	*
L Information Exposure	*
L Use After Free	*
M Double Free	*
L Product UI does not Warn User of Unsafe Actions	*
M Cross-site Scripting (XSS)	*
M Improper Validation of Integrity Check Value	*
M User Interface (UI) Misrepresentation of Critical Information	*
H Buffer Overflow	*
M Incomplete Filtering of Special Elements	*
M Buffer Overflow	<0:128.10.0-1.el10_0
M Out-of-bounds Read	<0:128.10.0-1.el10_0
H Insufficient Compartmentalization	<0:128.10.0-1.el10_0
H Arbitrary Code Injection	<0:128.10.0-1.el10_0
H Buffer Overflow	<0:128.10.0-1.el10_0
M Origin Validation Error	<0:128.9.0-3.el10_0
H Use After Free	<0:128.9.0-3.el10_0
H Buffer Overflow	<0:128.9.0-3.el10_0
M Heap-based Buffer Overflow	*
H Out-of-bounds Write	<0:128.10.1-1.el10_0
H Out-of-bounds Write	<0:128.10.1-1.el10_0
L Improper Restriction of Rendered UI Layers or Frames	<0:128.11.0-1.el10_0
M Out-of-Bounds	<0:128.11.0-1.el10_0
M Inclusion of Functionality from Untrusted Control Sphere	<0:128.11.0-1.el10_0
M Inclusion of Functionality from Untrusted Control Sphere	<0:128.11.0-1.el10_0
M Improper Encoding or Escaping of Output	<0:128.11.0-1.el10_0
M Out-of-Bounds	<0:128.11.0-1.el10_0
M Improper Validation of Unsafe Equivalence in Input	*
M CVE-2025-48068	*
L Race Condition	*

Vulnerability

Vulnerable Version

Use of Insufficiently Random Values