firefox vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the firefox package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.el9_4
  • M
Integer Overflow or Wraparound

*
  • M
Integer Overflow or Wraparound

*
  • M
Integer Overflow or Wraparound

*
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.el9_4
  • H
Out-of-bounds Write

<0:128.2.0-1.el9_4
  • H
Exposure of System Data to an Unauthorized Control Sphere

<0:128.2.0-1.el9_4
  • H
Missing Authorization

<0:128.2.0-1.el9_4
  • H
Buffer Overflow

<0:128.2.0-1.el9_4
  • H
Incorrect Type Conversion or Cast

<0:128.2.0-1.el9_4
  • H
Improperly Implemented Security Check for Standard

<0:128.2.0-1.el9_4
  • H
CVE-2024-7529

<0:115.14.0-2.el9_4
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:115.14.0-2.el9_4
  • H
Out-of-bounds Write

<0:115.14.0-2.el9_4
  • H
Use After Free

<0:115.14.0-2.el9_4
  • H
Improper Privilege Management

<0:115.14.0-2.el9_4
  • H
Use of Uninitialized Resource

<0:115.14.0-2.el9_4
  • H
Use After Free

<0:115.14.0-2.el9_4
  • H
Cross-site Scripting (XSS)

<0:115.14.0-2.el9_4
  • H
Out-of-bounds Read

<0:115.14.0-2.el9_4
  • H
CVE-2024-7518

<0:115.14.0-2.el9_4
  • H
Use After Free

<0:115.14.0-2.el9_4
  • H
Out-of-Bounds

<0:115.13.0-3.el9_4
  • H
Improper Preservation of Permissions

<0:115.13.0-3.el9_4
  • H
Buffer Overflow

<0:115.13.0-3.el9_4
  • M
Improper Input Validation

*
  • H
Covert Timing Channel

<0:115.12.0-1.el9_4
  • H
Use After Free

<0:115.12.0-1.el9_4
  • H
Buffer Overflow

<0:115.12.0-1.el9_4
  • H
Improper Access Control

<0:115.12.0-1.el9_4
  • H
Inclusion of Functionality from Untrusted Control Sphere

<0:115.12.0-1.el9_4
  • H
Use After Free

<0:115.12.0-1.el9_4
  • H
Improper Validation of Specified Type of Input

<0:115.12.0-1.el9_4
  • M
Integer Overflow or Wraparound

*
  • H
Buffer Overflow

<0:115.11.0-1.el9_4
  • H
Improper Cross-boundary Removal of Sensitive Data

<0:115.11.0-1.el9_4
  • H
Use After Free

<0:115.11.0-1.el9_4
  • H
Inclusion of Functionality from Untrusted Control Sphere

<0:115.11.0-1.el9_4
  • H
Improper Check for Unusual or Exceptional Conditions

<0:115.11.0-1.el9_4
  • H
User Interface (UI) Misrepresentation of Critical Information

<0:115.11.0-1.el9_4
  • H
Resource Exhaustion

<0:115.10.0-1.el9_3
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:115.10.0-1.el9_3
  • H
Buffer Overflow

<0:115.10.0-1.el9_3
  • H
Use After Free

<0:115.10.0-1.el9_3
  • H
Integer Overflow or Wraparound

<0:115.10.0-1.el9_3
  • H
Use After Free

<0:115.10.0-1.el9_3
  • H
Out-of-bounds Read

<0:115.10.0-1.el9_3
  • H
Product UI does not Warn User of Unsafe Actions

<0:115.10.0-1.el9_3
  • C
Arbitrary Code Injection

<0:115.9.1-1.el9_3
  • C
Buffer Overflow

<0:115.9.1-1.el9_3
  • C
Use After Free

<0:115.9.1-1.el9_3
  • C
Cross-site Scripting (XSS)

<0:115.9.1-1.el9_3
  • C
CVE-2024-2616

<0:115.9.1-1.el9_3
  • C
The UI Performs the Wrong Action

<0:115.9.1-1.el9_3
  • C
Register Interface Allows Software Access to Sensitive Data or Security Settings

<0:115.9.1-1.el9_3
  • C
Integer Overflow or Wraparound

<0:115.9.1-1.el9_3
  • C
Information Exposure

<0:115.9.1-1.el9_3
  • H
Incorrect Conversion between Numeric Types

<0:115.8.0-1.el9_3
  • H
Arbitrary Code Injection

<0:115.8.0-1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.8.0-1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.8.0-1.el9_3
  • H
The UI Performs the Wrong Action

<0:115.8.0-1.el9_3
  • H
Out-of-bounds Read

<0:115.8.0-1.el9_3
  • H
The UI Performs the Wrong Action

<0:115.8.0-1.el9_3
  • H
Buffer Overflow

<0:115.8.0-1.el9_3
  • M
Resource Exhaustion

*
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.7.0-1.el9_3
  • H
Improper Input Validation

<0:115.7.0-1.el9_3
  • H
Improper Input Validation

<0:115.7.0-1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.7.0-1.el9_3
  • H
Out-of-bounds Write

<0:115.7.0-1.el9_3
  • H
Buffer Overflow

<0:115.7.0-1.el9_3
  • C
Unchecked Return Value

<0:115.9.1-1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.7.0-1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.7.0-1.el9_3
  • H
Inadequate Encryption Strength

<0:115.7.0-1.el9_3
  • M
Information Exposure

*
  • H
Heap-based Buffer Overflow

<0:115.6.0-1.el9_3
  • H
Improper Input Validation

<0:115.6.0-1.el9_3
  • H
Heap-based Buffer Overflow

<0:115.6.0-1.el9_3
  • H
Use After Free

<0:115.6.0-1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.6.0-1.el9_3
  • H
Improper Input Validation

<0:115.6.0-1.el9_3
  • H
Use of Uninitialized Resource

<0:115.6.0-1.el9_3
  • H
Use After Free

<0:115.6.0-1.el9_3
  • H
Buffer Overflow

<0:115.6.0-1.el9_3
  • H
Race Condition

<0:115.6.0-1.el9_3
  • H
Heap-based Buffer Overflow

<0:115.6.0-1.el9_3
  • H
Use After Free

<0:115.5.0-1.el9_3
  • H
Directory Traversal

<0:115.5.0-1.el9_3
  • H
Out-of-bounds Read

<0:115.5.0-1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.5.0-1.el9_3
  • H
Use After Free

<0:115.5.0-1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.5.0-1.el9_3
  • H
Buffer Overflow

<0:115.5.0-1.el9_3
  • H
Buffer Overflow

<0:115.4.0-1.el9_2
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.4.0-1.el9_2
  • H
Product UI does not Warn User of Unsafe Actions

<0:115.4.0-1.el9_2
  • H
Multiple Interpretations of UI Input

<0:115.4.0-1.el9_2
  • H
Open Redirect

<0:115.4.0-1.el9_2
  • H
Memory Leak

<0:115.4.0-1.el9_2
  • H
Improper Handling of Exceptional Conditions

<0:115.4.0-1.el9_2
  • H
Out-of-Bounds

<0:115.3.1-1.el9_2
  • H
Heap-based Buffer Overflow

<0:102.15.1-1.el9_2
  • H
Buffer Overflow

<0:115.3.1-1.el9_2
  • H
Use After Free

<0:115.3.1-1.el9_2
  • H
Out-of-bounds Write

<0:115.3.1-1.el9_2
  • H
Heap-based Buffer Overflow

*
  • H
Resource Exhaustion

<0:102.15.0-1.el9_2
  • H
Information Exposure

<0:102.15.0-1.el9_2
  • H
Use After Free

<0:102.15.0-1.el9_2
  • H
Compilation with Insufficient Warnings or Errors

<0:102.15.0-1.el9_2
  • H
Use After Free

<0:102.15.0-1.el9_2
  • H
Use After Free

<0:102.15.0-1.el9_2
  • H
Buffer Overflow

<0:102.15.0-1.el9_2
  • H
Out-of-Bounds

<0:102.15.0-1.el9_2
  • H
Buffer Overflow

<0:102.15.0-1.el9_2
  • H
Incorrect Behavior Order: Early Validation

<0:102.15.0-1.el9_2
  • H
Authentication Bypass

<0:102.15.0-1.el9_2
  • H
Authentication Bypass

<0:102.15.0-1.el9_2
  • H
Reliance on Cookies without Validation and Integrity Checking in a Security Decision

<0:102.14.0-1.el9_2
  • H
Buffer Overflow

<0:102.14.0-1.el9_2
  • H
Improper Handling of Insufficient Permissions or Privileges

<0:102.14.0-1.el9_2
  • H
Race Condition

<0:102.14.0-1.el9_2
  • H
Out-of-bounds Read

<0:102.14.0-1.el9_2
  • H
Improper Input Validation

<0:102.14.0-1.el9_2
  • H
Inclusion of Functionality from Untrusted Control Sphere

<0:102.14.0-1.el9_2
  • H
Buffer Overflow

<0:102.14.0-1.el9_2
  • H
Buffer Overflow

<0:102.14.0-1.el9_2
  • H
Use After Free

<0:115.3.1-1.el9_2
  • H
Authentication Bypass

<0:102.13.0-2.el9_2
  • H
Use After Free

<0:102.13.0-2.el9_2
  • H
Compilation with Insufficient Warnings or Errors

<0:102.13.0-2.el9_2
  • H
Use After Free

<0:102.13.0-2.el9_2
  • H
Buffer Overflow

<0:102.13.0-2.el9_2
  • H
Buffer Overflow

<0:102.12.0-1.el9_2
  • H
The UI Performs the Wrong Action

<0:102.12.0-1.el9_2
  • H
Buffer Overflow

<0:102.11.0-2.el9_2
  • H
Improper Handling of Insufficient Permissions or Privileges

<0:102.11.0-2.el9_2
  • H
User Interface (UI) Misrepresentation of Critical Information

<0:102.11.0-2.el9_2
  • H
Use of Uninitialized Variable

<0:102.11.0-2.el9_2
  • H
Out-of-bounds Read

<0:102.11.0-2.el9_2
  • H
Insufficient Verification of Data Authenticity

<0:102.11.0-2.el9_2
  • H
Resource Exhaustion

<0:102.11.0-2.el9_2
  • H
Double Free

<0:102.10.0-1.el9_1
  • H
Incorrect Calculation

<0:102.10.0-1.el9_1
  • H
Direct Request ('Forced Browsing')

<0:102.10.0-1.el9_1
  • H
Failure to Sanitize Special Element

<0:102.10.0-1.el9_1
  • H
Unrestricted Upload of File with Dangerous Type

<0:102.10.0-1.el9_1
  • H
Buffer Overflow

<0:102.10.0-1.el9_1
  • H
Reachable Assertion

<0:102.10.0-1.el9_1
  • H
Out-of-Bounds

<0:102.10.0-1.el9_1
  • H
Out-of-Bounds

<0:102.10.0-1.el9_1
  • H
Inclusion of Functionality from Untrusted Control Sphere

<0:102.9.0-3.el9_1
  • H
Incorrect Type Conversion or Cast

<0:102.9.0-3.el9_1
  • H
Out-of-bounds Read

<0:102.9.0-3.el9_1
  • H
Buffer Overflow

<0:102.9.0-3.el9_1
  • H
Arbitrary Code Injection

<0:102.9.0-3.el9_1
  • H
Use After Free

<0:102.8.0-2.el9_1
  • H
Improper Handling of Alternate Encoding

<0:102.8.0-2.el9_1
  • H
Insufficient UI Warning of Dangerous Operations

<0:102.8.0-2.el9_1
  • H
Buffer Overflow

<0:102.8.0-2.el9_1
  • H
Cross-site Scripting (XSS)

<0:102.8.0-2.el9_1
  • H
Use After Free

<0:102.8.0-2.el9_1
  • H
Incorrect Type Conversion or Cast

<0:102.8.0-2.el9_1
  • H
Incorrect Synchronization

<0:102.8.0-2.el9_1
  • H
Out-of-bounds Write

<0:102.8.0-2.el9_1
  • H
Buffer Overflow

<0:102.8.0-2.el9_1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.8.0-2.el9_1
  • H
Buffer Overflow

<0:102.7.0-1.el9_1
  • H
CVE-2023-23602

<0:102.7.0-1.el9_1
  • H
Inclusion of Functionality from Untrusted Control Sphere

<0:102.7.0-1.el9_1
  • H
Incorrect Regular Expression

<0:102.7.0-1.el9_1
  • H
Arbitrary Command Injection

<0:102.7.0-1.el9_1
  • H
Use of Unmaintained Third Party Components

<0:102.7.0-1.el9_1
  • H
Multiple Interpretations of UI Input

<0:102.7.0-1.el9_1
  • H
Insufficient UI Warning of Dangerous Operations

<0:102.7.0-1.el9_1
  • H
Out-of-bounds Read

*
  • H
Truncation of Security-relevant Information

<0:102.6.0-1.el9_1
  • H
Out-of-Bounds

<0:102.6.0-1.el9_1
  • H
Use After Free

<0:102.6.0-1.el9_1
  • H
Buffer Overflow

<0:102.6.0-1.el9_1
  • H
Use After Free

<0:102.6.0-1.el9_1
  • H
Information Exposure

<0:102.6.0-1.el9_1
  • H
Use After Free

<0:102.5.0-1.el9_1
  • H
Buffer Overflow

<0:102.5.0-1.el9_1
  • H
Inclusion of Functionality from Untrusted Control Sphere

<0:102.5.0-1.el9_1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-1.el9_1
  • H
Information Exposure

<0:102.5.0-1.el9_1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-1.el9_1
  • H
Information Exposure

<0:102.5.0-1.el9_1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-1.el9_1
  • H
Sensitive Cookie with Improper SameSite Attribute

<0:102.5.0-1.el9_1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-1.el9_1
  • H
Use After Free

<0:102.5.0-1.el9_1
  • H
Use After Free

<0:102.5.0-1.el9_1
  • H
Cross-site Scripting (XSS)

<0:102.5.0-1.el9_1
  • M
Use After Free

*
  • H
Resource Exhaustion

<0:102.4.0-1.el9_0
  • H
Buffer Overflow

<0:102.4.0-1.el9_0
  • H
Inclusion of Functionality from Untrusted Control Sphere

<0:102.4.0-1.el9_0
  • H
Buffer Overflow

<0:102.4.0-1.el9_0
  • H
Use After Free

<0:102.3.0-7.el9_0
  • H
Buffer Overflow

<0:102.3.0-6.el9_0
  • H
Use After Free

<0:102.3.0-6.el9_0
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.3.0-6.el9_0
  • H
Improper Handling of Inconsistent Structural Elements

<0:102.3.0-6.el9_0
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.3.0-6.el9_0
  • H
Reliance on Cookies without Validation and Integrity Checking in a Security Decision

<0:102.3.0-6.el9_0
  • H
Buffer Overflow

<0:91.13.0-1.el9_0
  • H
Product UI does not Warn User of Unsafe Actions

<0:91.13.0-1.el9_0
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.13.0-1.el9_0
  • H
Buffer Overflow

<0:91.13.0-1.el9_0
  • H
Use After Free

<0:91.13.0-1.el9_0
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.12.0-2.el9_0
  • H
Cross-site Scripting (XSS)

<0:91.12.0-2.el9_0
  • H
Buffer Overflow

<0:91.12.0-2.el9_0
  • H
Return of Wrong Status Code

<0:91.11.0-2.el9_0
  • H
Integer Overflow or Wraparound

<0:91.11.0-2.el9_0
  • H
Buffer Overflow

<0:91.11.0-2.el9_0
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.11.0-2.el9_0
  • H
Cross-site Scripting (XSS)

<0:91.11.0-2.el9_0
  • H
Use After Free

<0:91.11.0-2.el9_0
  • H
Cross-site Scripting (XSS)

<0:91.11.0-2.el9_0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.11.0-2.el9_0
  • L
Cross-site Scripting (XSS)

*
  • H
Inclusion of Functionality from Untrusted Control Sphere

<0:91.10.0-1.el9_0
  • H
Buffer Overflow

<0:91.10.0-1.el9_0
  • H
Allocation of Resources Without Limits or Throttling

<0:91.10.0-1.el9_0
  • H
Use of Uninitialized Variable

<0:91.10.0-1.el9_0
  • H
Buffer Overflow

<0:91.10.0-1.el9_0
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.10.0-1.el9_0
  • H
Inclusion of Functionality from Untrusted Control Sphere

<0:91.10.0-1.el9_0
  • C
Access of Resource Using Incompatible Type ('Type Confusion')

<0:91.9.1-1.el9_0
  • C
Access of Resource Using Incompatible Type ('Type Confusion')

<0:91.9.1-1.el9_0
  • M
Resource Exhaustion

*
  • H
Buffer Overflow

<0:91.9.0-1.el9_0
  • H
Exposure of System Data to an Unauthorized Control Sphere

<0:91.9.0-1.el9_0
  • H
Reliance on Cookies without Validation and Integrity Checking

<0:91.9.0-1.el9_0
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.9.0-1.el9_0
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.9.0-1.el9_0
  • H
Improper Preservation of Permissions

<0:91.9.0-1.el9_0
  • M
Resource Exhaustion

*