firefox vulnerabilities

Known vulnerabilities in the firefox package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2025-0239	<134.0-r0
L GHSA-928f-3rxq-5jvp	<134.0-r0
L CVE-2025-0237	<134.0-r0
L GHSA-f3xq-g93v-w8cv	<134.0-r0
L CVE-2025-0247	<134.0-r0
L CVE-2025-0241	<134.0-r0
L GHSA-2776-h8x3-vrr7	<134.0-r0
L GHSA-24v2-mrj2-4wpc	<134.0-r0
L GHSA-phcc-6pmp-qw9v	<134.0-r0
L GHSA-qw28-p6qx-vj78	<134.0-r0
L GHSA-68r8-f4jc-vc2p	<134.0-r0
L CVE-2025-0245	<134.0-r0
L CVE-2025-0240	<134.0-r0
L GHSA-xwpw-pxrm-39pm	<134.0-r0
L CVE-2025-0238	<134.0-r0
L GHSA-2g52-qw8q-wfr9	<134.0-r0
L GHSA-hh4j-jwjv-8726	<134.0-r0
L CVE-2025-0243	<134.0-r0
L GHSA-p4q7-g7ff-823j	<134.0-r0
L CVE-2025-0244	<134.0-r0
L CVE-2025-0242	<134.0-r0
L CVE-2025-0246	<134.0-r0
L CVE-2024-11701	<133.0-r0
L CVE-2024-11696	<133.0-r0
L CVE-2024-11692	<133.0-r0
L CVE-2024-11695	<133.0-r0
L GHSA-mjcw-r3mg-3848	<133.0-r0
L CVE-2024-11694	<133.0-r0
L GHSA-wjq6-6xvc-xr82	<133.0-r0
L CVE-2024-11708	<133.0-r0
L GHSA-4c4w-pcg8-6hq9	<133.0-r0
L GHSA-cpxj-fx45-9pgm	<133.0-r0
L GHSA-8rq4-c5x2-x4g8	<133.0-r0
L GHSA-h43c-gg33-qj9g	<133.0-r0
L GHSA-qxf6-g9x3-8w74	<133.0-r0
L CVE-2024-11697	<133.0-r0
L GHSA-jxv2-pgjw-vg3v	<133.0-r0
L CVE-2024-11702	<133.0-r0
L CVE-2024-11691	<133.0-r0
L GHSA-4jp9-q9g7-48gr	<133.0-r0
L CVE-2024-11700	<133.0-r0
L GHSA-3r9h-5xmh-8j4q	<133.0-r0
L GHSA-845f-27fw-gjw9	<133.0-r0
L CVE-2024-11706	<133.0-r0
L GHSA-h8gv-f7pf-7c4p	<133.0-r0
L CVE-2024-11693	<133.0-r0
L GHSA-m59j-fmqm-3q93	<133.0-r0
L CVE-2024-11703	<133.0-r0
L CVE-2024-53976	<133.0-r0
L CVE-2024-11698	<133.0-r0
L CVE-2024-11699	<133.0-r0
L GHSA-p9vw-xw86-3f2w	<133.0-r0
L GHSA-g5wv-cvf4-2r98	<133.0-r0
L GHSA-9g2q-259c-66mq	<133.0-r0
L CVE-2024-53975	<133.0-r0
L GHSA-7r4q-q89f-2mcg	<133.0-r0
L CVE-2024-11705	<133.0-r0
L CVE-2024-11704	<133.0-r0
L GHSA-53mx-8hhc-gmp3	<133.0-r0
L GHSA-rh22-rcv2-42x3	<133.0-r0
L GHSA-6rc3-wcpj-59ch	<132.0-r0
M Out-of-bounds Read	<132.0-r0
H Out-of-bounds Write	<132.0-r0
L GHSA-jx2m-9x57-vwr5	<132.0-r0
M Authentication Bypass	<132.0-r0
L GHSA-xhw3-h8gq-2w23	<132.0-r0
L GHSA-77hv-rqc3-4gm6	<132.0-r0
L GHSA-4jv6-884h-v282	<132.0-r0
M Information Exposure	<132.0-r0
L GHSA-9v98-vwhg-6x24	<132.0-r0
L GHSA-679j-4q32-w85w	<132.0-r0
L GHSA-87x3-r6f2-m885	<132.0-r0
M Cross-site Scripting (XSS)	<132.0-r0
H CVE-2024-10466	<132.0-r0
L GHSA-r2v5-q2jv-5cff	<132.0-r0
L GHSA-jv24-5j5x-m8w6	<132.0-r0
M CVE-2024-10460	<132.0-r0
H Use After Free	<132.0-r0
M Authentication Bypass	<132.0-r0
H CVE-2024-10458	<132.0-r0
L CVE-2024-10004	<132.0-r0
L GHSA-4wjh-chq6-qh88	<132.0-r0
L GHSA-wh67-cc45-g7cf	<132.0-r0
M Race Condition	<132.0-r0
L CVE-2024-9936	<131.0.3-r0
L GHSA-8c7g-vx5g-cmpg	<131.0.3-r0
M Open Redirect	<130.0-r0
C Access of Resource Using Incompatible Type ('Type Confusion')	<130.0-r0
L GHSA-x565-97fv-jfr5	<130.0-r0
C Out-of-bounds Write	<130.0-r0
C Out-of-bounds Write	<130.0-r0
H CVE-2024-8382	<130.0-r0
H CVE-2024-8383	<130.0-r0
L GHSA-pm7g-mpjq-33gr	<130.0-r0
L GHSA-j755-mmjr-g7rh	<130.0-r0
C Out-of-bounds Write	<130.0-r0
L GHSA-m294-4vh4-9qwg	<130.0-r0
M CVE-2024-8388	<130.0-r0
L GHSA-p34f-6xg6-mcrp	<130.0-r0
L GHSA-6q4m-8cmc-2222	<130.0-r0
L GHSA-ph32-hgpc-r5j4	<130.0-r0
L GHSA-j3m3-gfhr-jmqf	<130.0-r0
C Access of Resource Using Incompatible Type ('Type Confusion')	<130.0-r0
L GHSA-794f-5gfq-xmmq	<130.0-r0
L GHSA-hj65-9wfc-jmf4	<130.0.1-r0
M Open Redirect	<130.0.1-r0
H Access of Resource Using Incompatible Type ('Type Confusion')	<129.0.2-r0
H Use After Free	<129.0.2-r0
L GHSA-563c-g7mm-g4xp	<129.0.2-r0
M CVE-2024-7518	<129.0.2-r0
L GHSA-3jj9-9269-99m2	<129.0.2-r0
L GHSA-gx25-vx95-m52w	<129.0.2-r0
M Use of Uninitialized Resource	<129.0.2-r0
H Use After Free	<129.0.2-r0
L GHSA-cr8r-7g9p-hcx6	<129.0.2-r0
L GHSA-7jrj-xq8x-h553	<129.0.2-r0
L GHSA-7j5g-jfh2-w58c	<129.0.2-r0
L GHSA-7369-x5q2-rh2m	<129.0.2-r0
M Cross-site Scripting (XSS)	<129.0.2-r0
M Cross-site Scripting (XSS)	<129.0.2-r0
M CVE-2024-7529	<129.0.2-r0
H Use After Free	<129.0.2-r0
C Out-of-bounds Write	<129.0.2-r0
L GHSA-9wvx-3hw8-4ghf	<129.0.2-r0
L GHSA-69x6-6jqx-q847	<129.0.2-r0
L GHSA-7m9h-4qg6-4hmh	<129.0.2-r0
M Cross-site Scripting (XSS)	<129.0.2-r0
L GHSA-5x3f-3wg2-mc2h	<129.0.2-r0
H Improper Handling of Exceptional Conditions	<129.0.2-r0
M CVE-2024-7531	<129.0.2-r0
H Out-of-bounds Read	<129.0.2-r0
H Incorrect Default Permissions	<129.0.2-r0
L GHSA-w3xp-69rr-q6gw	<129.0.2-r0
M Cross-site Scripting (XSS)	<129.0.2-r0
L GHSA-4xc3-7r7g-7vx3	<129.0.2-r0
H CVE-2024-7523	<129.0.2-r0
L GHSA-xmm2-x5jc-rvmh	<129.0.2-r0
L GHSA-hf5v-h65q-2g27	<129.0.2-r0
L GHSA-mcjx-2c4v-mvg9	<129.0.2-r0
L GHSA-cr94-c6j4-q6g5	<129.0.2-r0
L GHSA-j476-hf2q-984g	<128.0-r0
L CVE-2024-6611	<128.0-r0
L CVE-2024-6614	<128.0-r0
L GHSA-v6r5-wp7h-cj77	<128.0-r0
L CVE-2024-6612	<128.0-r0
M CVE-2024-6608	<128.0-r0
L GHSA-xcm3-jhmr-9fhh	<128.0-r0
M CVE-2024-6610	<128.0-r0
L CVE-2024-6605	<128.0-r0
L GHSA-fj5c-r5jw-5wp8	<128.0-r0
L GHSA-vr96-9xq4-q4jp	<128.0-r0
L GHSA-cpfv-mr66-74v6	<128.0-r0
L GHSA-h7q8-vff8-p3j8	<128.0-r0
L CVE-2024-6607	<128.0-r0
L GHSA-8c8x-848r-wqq7	<128.0-r0
H CVE-2024-6609	<128.0-r0
L CVE-2024-6613	<128.0-r0
L GHSA-9vqr-5j64-p9wr	<128.0-r0
L CVE-2024-6615	<128.0-r0
L GHSA-cpm6-fp82-cq6m	<128.0-r0
L GHSA-gq55-cjrv-p49j	<128.0-r0
L CVE-2024-6600	<128.0-r0
L CVE-2024-6602	<128.0-r0
L CVE-2024-6604	<128.0-r0
L GHSA-3wq7-w8r7-pmvh	<128.0-r0
L CVE-2024-6603	<128.0-r0
L CVE-2024-6606	<128.0-r0
L GHSA-x2q3-f99c-25ff	<128.0-r0
L CVE-2024-6601	<128.0-r0
L GHSA-hr59-q2gm-7hrj	<128.0-r0
L GHSA-rjwc-235r-8986	<128.0-r0
L GHSA-r595-x79c-68p4	<128.0-r0
L GHSA-frpv-8jj9-m3cv	<127.0.2-r0
L CVE-2024-5688	<127.0.2-r0
L GHSA-3jcf-9x2f-86h4	<127.0.2-r0
L GHSA-gmgg-93h8-cp32	<127.0.2-r0
L GHSA-4c8g-9w4h-h6xm	<127.0.2-r0
L GHSA-xhxm-p3qv-qprc	<127.0.2-r0
L GHSA-j6vm-3wj6-fwrh	<127.0.2-r0
H Use After Free	<127.0.2-r0
L GHSA-gfgx-4754-9hhp	<127.0.2-r0
M CVE-2024-5691	<127.0.2-r0
L GHSA-893r-mpwj-qhhg	<127.0.2-r0
M CVE-2024-38312	<127.0.2-r0
L CVE-2024-5687	<127.0.2-r0
C Out-of-bounds Write	<127.0.2-r0
L CVE-2024-5701	<127.0.2-r0
L GHSA-6fj5-m574-p4w9	<127.0.2-r0
M Improper Restriction of Rendered UI Layers or Frames	<127.0.2-r0
L GHSA-g23m-h4v3-g2qq	<127.0.2-r0
L CVE-2024-5696	<127.0.2-r0
L GHSA-ffh4-92gv-qvv5	<127.0.2-r0
M CVE-2024-5689	<127.0.2-r0
L GHSA-f78g-xm2r-gm6j	<127.0.2-r0
L GHSA-pqfc-h2m7-5p9p	<127.0.2-r0
L GHSA-pq6v-hjqm-frww	<127.0.2-r0
L CVE-2024-5692	<127.0.2-r0
L CVE-2024-5699	<127.0.2-r0
L GHSA-3fxj-qpxv-j6qj	<127.0.2-r0
M Information Exposure	<127.0.2-r0
L CVE-2024-5700	<127.0.2-r0
L GHSA-pxf8-583j-3rmh	<127.0.2-r0
M CVE-2024-5697	<127.0.2-r0
M CVE-2024-38313	<127.0.2-r0
L GHSA-hx83-hmj3-pffc	<127.0.2-r0
L CVE-2024-5693	<127.0.2-r0

Vulnerability

Vulnerable Version

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<134.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<133.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

Authentication Bypass

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

Cross-site Scripting (XSS)

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

Authentication Bypass

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<132.0-r0

<131.0.3-r0

<131.0.3-r0

<130.0-r0

Access of Resource Using Incompatible Type ('Type Confusion')

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

<130.0-r0

Access of Resource Using Incompatible Type ('Type Confusion')

<130.0-r0

GHSA-794f-5gfq-xmmq

<130.0-r0

GHSA-hj65-9wfc-jmf4

<130.0.1-r0

Open Redirect

<130.0.1-r0

Access of Resource Using Incompatible Type ('Type Confusion')

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

Use of Uninitialized Resource

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

Cross-site Scripting (XSS)

<129.0.2-r0

Cross-site Scripting (XSS)

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

Cross-site Scripting (XSS)

<129.0.2-r0

GHSA-5x3f-3wg2-mc2h

<129.0.2-r0

Improper Handling of Exceptional Conditions

<129.0.2-r0

CVE-2024-7531

<129.0.2-r0

Out-of-bounds Read

<129.0.2-r0

Incorrect Default Permissions

<129.0.2-r0

GHSA-w3xp-69rr-q6gw

<129.0.2-r0

Cross-site Scripting (XSS)

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<129.0.2-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<128.0-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

Improper Restriction of Rendered UI Layers or Frames

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

<127.0.2-r0

firefox vulnerabilities

Direct Vulnerabilities

How to fix?