firefox vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the firefox package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
CVE-2024-11695

<0:128.5.1-1.0.1.el9_5
  • H
CVE-2024-11697

<0:128.5.1-1.0.1.el9_5
  • H
CVE-2024-11696

<0:128.5.1-1.0.1.el9_5
  • H
CVE-2024-11692

<0:128.5.1-1.0.1.el9_5
  • H
CVE-2024-11699

<0:128.5.1-1.0.1.el9_5
  • H
CVE-2024-11694

<0:128.5.1-1.0.1.el9_5
  • H
Information Exposure

<0:128.4.0-1.0.1.el9_5
  • H
CVE-2024-10458

<0:128.4.0-1.0.1.el9_5
  • H
Out-of-bounds Read

<0:128.4.0-1.0.1.el9_5
  • H
Authentication Bypass

<0:128.4.0-1.0.1.el9_5
  • H
Cross-site Scripting (XSS)

<0:128.4.0-1.0.1.el9_5
  • H
CVE-2024-10466

<0:128.4.0-1.0.1.el9_5
  • H
Authentication Bypass

<0:128.4.0-1.0.1.el9_5
  • H
Use After Free

<0:128.4.0-1.0.1.el9_5
  • H
CVE-2024-10460

<0:128.4.0-1.0.1.el9_5
  • H
Out-of-bounds Write

<0:128.4.0-1.0.1.el9_5
  • H
Use After Free

<0:128.4.0-1.0.1.el9_5
  • H
CVE-2024-9392

<0:128.3.0-1.0.1.el9_4
  • H
CVE-2024-9393

<0:128.3.0-1.0.1.el9_4
  • H
CVE-2024-9401

<0:128.3.0-1.0.1.el9_4
  • H
CVE-2024-9402

<0:128.3.0-1.0.1.el9_4
  • H
CVE-2024-9394

<0:128.3.0-1.0.1.el9_4
  • H
Out-of-bounds Write

<0:128.2.0-1.0.2.el9_4
  • H
Open Redirect

<0:128.2.0-1.0.2.el9_4
  • H
CVE-2024-8383

<0:128.2.0-1.0.2.el9_4
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.0.2.el9_4
  • H
CVE-2024-8382

<0:128.2.0-1.0.2.el9_4
  • H
Out-of-bounds Write

<0:128.2.0-1.0.2.el9_4
  • H
CVE-2024-7652

<0:128.2.0-1.0.2.el9_4
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.0.2.el9_4
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:115.14.0-2.0.1.el9_4
  • H
Cross-site Scripting (XSS)

<0:115.14.0-2.0.1.el9_4
  • H
Use of Uninitialized Resource

<0:115.14.0-2.0.1.el9_4
  • H
Out-of-bounds Write

<0:115.14.0-2.0.1.el9_4
  • H
Use After Free

<0:115.14.0-2.0.1.el9_4
  • H
Incorrect Default Permissions

<0:115.14.0-2.0.1.el9_4
  • H
Improper Handling of Exceptional Conditions

<0:115.14.0-2.0.1.el9_4
  • H
CVE-2024-7518

<0:115.14.0-2.0.1.el9_4
  • H
CVE-2024-7529

<0:115.14.0-2.0.1.el9_4
  • H
Out-of-bounds Read

<0:115.14.0-2.0.1.el9_4
  • H
Use After Free

<0:115.14.0-2.0.1.el9_4
  • H
CVE-2024-6601

<0:115.13.0-3.0.1.el9_4
  • H
CVE-2024-6604

<0:115.13.0-3.0.1.el9_4
  • H
CVE-2024-6603

<0:115.13.0-3.0.1.el9_4
  • H
CVE-2024-5702

<0:115.12.0-1.0.1.el9_4
  • H
CVE-2024-5700

<0:115.12.0-1.0.1.el9_4
  • H
CVE-2024-5693

<0:115.12.0-1.0.1.el9_4
  • H
Information Exposure

<0:115.12.0-1.0.1.el9_4
  • H
CVE-2024-5696

<0:115.12.0-1.0.1.el9_4
  • H
CVE-2024-5691

<0:115.12.0-1.0.1.el9_4
  • H
CVE-2024-5688

<0:115.12.0-1.0.1.el9_4
  • H
CVE-2024-4767

<0:115.11.0-1.0.1.el9_4
  • H
CVE-2024-4768

<0:115.11.0-1.0.1.el9_4
  • H
CVE-2024-4367

<0:115.11.0-1.0.1.el9_4
  • H
CVE-2024-4777

<0:115.11.0-1.0.1.el9_4
  • H
CVE-2024-4770

<0:115.11.0-1.0.1.el9_4
  • H
CVE-2024-4769

<0:115.11.0-1.0.1.el9_4
  • H
CVE-2024-3857

<0:115.10.0-1.0.1.el9_3
  • H
CVE-2024-3859

<0:115.10.0-1.0.1.el9_3
  • H
CVE-2024-3864

<0:115.10.0-1.0.1.el9_3
  • H
CVE-2024-3854

<0:115.10.0-1.0.1.el9_3
  • H
CVE-2024-3852

<0:115.10.0-1.0.1.el9_3
  • H
CVE-2024-3861

<0:115.10.0-1.0.1.el9_3
  • H
CVE-2024-2609

<0:115.10.0-1.0.1.el9_3
  • C
CVE-2024-2608

<0:115.9.1-1.0.1.el9_3
  • C
Unchecked Return Value

<0:115.9.1-1.0.1.el9_3
  • C
CVE-2024-2610

<0:115.9.1-1.0.1.el9_3
  • C
CVE-2024-2614

<0:115.9.1-1.0.1.el9_3
  • C
CVE-2024-2611

<0:115.9.1-1.0.1.el9_3
  • C
CVE-2024-29944

<0:115.9.1-1.0.1.el9_3
  • C
CVE-2024-2616

<0:115.9.1-1.0.1.el9_3
  • C
CVE-2024-2612

<0:115.9.1-1.0.1.el9_3
  • C
CVE-2023-5388

<0:115.9.1-1.0.1.el9_3
  • C
CVE-2024-2607

<0:115.9.1-1.0.1.el9_3
  • H
CVE-2024-1553

<0:115.8.0-1.0.1.el9_3
  • H
CVE-2024-1549

<0:115.8.0-1.0.1.el9_3
  • H
CVE-2024-1547

<0:115.8.0-1.0.1.el9_3
  • H
CVE-2024-1546

<0:115.8.0-1.0.1.el9_3
  • H
CVE-2024-1551

<0:115.8.0-1.0.1.el9_3
  • H
Incorrect Conversion between Numeric Types

<0:115.8.0-1.0.1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.8.0-1.0.1.el9_3
  • H
CVE-2024-1548

<0:115.8.0-1.0.1.el9_3
  • H
Origin Validation Error

<0:115.7.0-1.0.1.el9_3
  • H
CVE-2024-0750

<0:115.7.0-1.0.1.el9_3
  • H
Improper Privilege Management

<0:115.7.0-1.0.1.el9_3
  • H
CVE-2024-0746

<0:115.7.0-1.0.1.el9_3
  • H
Out-of-bounds Write

<0:115.7.0-1.0.1.el9_3
  • H
CVE-2024-0753

<0:115.7.0-1.0.1.el9_3
  • H
CVE-2024-0747

<0:115.7.0-1.0.1.el9_3
  • H
CVE-2024-0755

<0:115.7.0-1.0.1.el9_3
  • H
CVE-2024-0742

<0:115.7.0-1.0.1.el9_3
  • H
Out-of-bounds Write

<0:115.6.0-1.0.1.el9_3
  • H
Race Condition

<0:115.6.0-1.0.1.el9_3
  • H
CVE-2023-6863

<0:115.6.0-1.0.1.el9_3
  • H
CVE-2023-6865

<0:115.6.0-1.0.1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.6.0-1.0.1.el9_3
  • H
Use After Free

<0:115.6.0-1.0.1.el9_3
  • H
CVE-2023-6860

<0:115.6.0-1.0.1.el9_3
  • H
Out-of-bounds Write

<0:115.6.0-1.0.1.el9_3
  • H
Use After Free

<0:115.6.0-1.0.1.el9_3
  • H
Out-of-bounds Write

<0:115.6.0-1.0.1.el9_3
  • H
Out-of-bounds Write

<0:115.6.0-1.0.1.el9_3
  • H
Out-of-bounds Write

<0:115.5.0-1.0.1.el9_3
  • H
Use After Free

<0:115.5.0-1.0.1.el9_3
  • H
CVE-2023-6208

<0:115.5.0-1.0.1.el9_3
  • H
Directory Traversal

<0:115.5.0-1.0.1.el9_3
  • H
Out-of-bounds Read

<0:115.5.0-1.0.1.el9_3
  • H
Use After Free

<0:115.5.0-1.0.1.el9_3
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.5.0-1.0.1.el9_3
  • H
CVE-2023-5732

<0:115.4.0-1.0.1.el9_2
  • H
CVE-2023-5725

<0:115.4.0-1.0.1.el9_2
  • H
CVE-2023-5728

<0:115.4.0-1.0.1.el9_2
  • H
CVE-2023-5724

<0:115.4.0-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:115.4.0-1.0.1.el9_2
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.4.0-1.0.1.el9_2
  • H
Improper Handling of Exceptional Conditions

<0:115.4.0-1.0.1.el9_2
  • H
Use After Free

<0:115.3.1-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:115.3.1-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:115.3.1-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:115.3.1-1.0.1.el9_2
  • H
Use After Free

<0:115.3.1-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.15.1-1.0.1.el9_2
  • H
Use After Free

<0:102.15.0-1.0.1.el9_2
  • H
CVE-2023-4581

<0:102.15.0-1.0.1.el9_2
  • H
CVE-2023-4577

<0:102.15.0-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.15.0-1.0.1.el9_2
  • H
Allocation of Resources Without Limits or Throttling

<0:102.15.0-1.0.1.el9_2
  • H
CVE-2023-4583

<0:102.15.0-1.0.1.el9_2
  • H
Link Following

<0:102.15.0-1.0.1.el9_2
  • H
Use After Free

<0:102.15.0-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.15.0-1.0.1.el9_2
  • H
CVE-2023-4051

<0:102.15.0-1.0.1.el9_2
  • H
Missing Encryption of Sensitive Data

<0:102.15.0-1.0.1.el9_2
  • H
Use After Free

<0:102.15.0-1.0.1.el9_2
  • H
CVE-2023-4047

<0:102.14.0-1.0.1.el9_2
  • H
Race Condition

<0:102.14.0-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.14.0-1.0.1.el9_2
  • H
Out-of-bounds Read

<0:102.14.0-1.0.1.el9_2
  • H
CVE-2023-4055

<0:102.14.0-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.14.0-1.0.1.el9_2
  • H
CVE-2023-4046

<0:102.14.0-1.0.1.el9_2
  • H
Origin Validation Error

<0:102.14.0-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.14.0-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.13.0-2.0.1.el9_2
  • H
CVE-2023-37208

<0:102.13.0-2.0.1.el9_2
  • H
Use After Free

<0:102.13.0-2.0.1.el9_2
  • H
Use After Free

<0:102.13.0-2.0.1.el9_2
  • H
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<0:102.13.0-2.0.1.el9_2
  • H
Improper Certificate Validation

<0:102.12.0-1.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.12.0-1.0.1.el9_2
  • H
Out-of-bounds Read

<0:102.11.0-2.0.1.el9_2
  • H
Authentication Bypass

<0:102.11.0-2.0.1.el9_2
  • H
CVE-2023-32205

<0:102.11.0-2.0.1.el9_2
  • H
CVE-2023-32211

<0:102.11.0-2.0.1.el9_2
  • H
CVE-2023-32212

<0:102.11.0-2.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.11.0-2.0.1.el9_2
  • H
Use of Uninitialized Resource

<0:102.11.0-2.0.1.el9_2
  • H
Out-of-bounds Write

<0:102.10.0-1.0.1.el9_1
  • H
CVE-2023-29548

<0:102.10.0-1.0.1.el9_1
  • H
NULL Pointer Dereference

<0:102.10.0-1.0.1.el9_1
  • H
CVE-2023-29535

<0:102.10.0-1.0.1.el9_1
  • H
Improper Encoding or Escaping of Output

<0:102.10.0-1.0.1.el9_1
  • H
Use After Free

<0:102.10.0-1.0.1.el9_1
  • H
CVE-2023-29533

<0:102.10.0-1.0.1.el9_1
  • H
CVE-2023-29550

<0:102.10.0-1.0.1.el9_1
  • H
Out-of-bounds Write

<0:102.9.0-3.0.1.el9_1
  • H
Incorrect Type Conversion or Cast

<0:102.9.0-3.0.1.el9_1
  • H
CVE-2023-28164

<0:102.9.0-3.0.1.el9_1
  • H
CVE-2023-25751

<0:102.9.0-3.0.1.el9_1
  • H
CVE-2023-25752

<0:102.9.0-3.0.1.el9_1
  • H
CVE-2023-25742

<0:102.8.0-2.0.1.el9_1
  • H
CVE-2023-0767

<0:102.8.0-2.0.1.el9_1
  • H
Out-of-bounds Write

<0:102.8.0-2.0.1.el9_1
  • H
Out-of-bounds Write

<0:102.8.0-2.0.1.el9_1
  • H
Authentication Bypass

<0:102.8.0-2.0.1.el9_1
  • H
Use After Free

<0:102.8.0-2.0.1.el9_1
  • H
CVE-2023-25730

<0:102.8.0-2.0.1.el9_1
  • H
Out-of-bounds Write

<0:102.8.0-2.0.1.el9_1
  • H
CVE-2023-25728

<0:102.8.0-2.0.1.el9_1
  • H
Use After Free

<0:102.8.0-2.0.1.el9_1
  • H
CVE-2023-25737

<0:102.8.0-2.0.1.el9_1
  • H
CVE-2023-25729

<0:102.8.0-2.0.1.el9_1
  • H
Improper Encoding or Escaping of Output

<0:102.7.0-1.0.1.el9_1
  • H
Origin Validation Error

<0:102.7.0-1.0.1.el9_1
  • H
CVE-2022-46877

<0:102.7.0-1.0.1.el9_1
  • H
Out-of-bounds Write

<0:102.7.0-1.0.1.el9_1
  • H
CVE-2023-23598

<0:102.7.0-1.0.1.el9_1
  • H
CVE-2023-23603

<0:102.7.0-1.0.1.el9_1
  • H
Improper Check for Unusual or Exceptional Conditions

<0:102.7.0-1.0.1.el9_1
  • H
CVE-2022-46871

<0:102.7.0-1.0.1.el9_1
  • H
Out-of-bounds Write

<0:102.6.0-1.0.1.el9_1
  • H
CVE-2022-46872

<0:102.6.0-1.0.1.el9_1
  • H
CVE-2022-46874

<0:102.6.0-1.0.1.el9_1
  • H
Use After Free

<0:102.6.0-1.0.1.el9_1
  • H
Use After Free

<0:102.6.0-1.0.1.el9_1
  • H
Out-of-bounds Write

<0:102.6.0-1.0.1.el9_1
  • H
Link Following

<0:102.5.0-1.0.1.el9_1
  • H
CVE-2022-45410

<0:102.5.0-1.0.1.el9_1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-1.0.1.el9_1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-1.0.1.el9_1
  • H
Information Exposure

<0:102.5.0-1.0.1.el9_1
  • H
Use After Free

<0:102.5.0-1.0.1.el9_1
  • H
Cross-site Scripting (XSS)

<0:102.5.0-1.0.1.el9_1
  • H
Information Exposure

<0:102.5.0-1.0.1.el9_1
  • H
Use After Free

<0:102.5.0-1.0.1.el9_1
  • H
Out-of-bounds Write

<0:102.5.0-1.0.1.el9_1
  • H
Use After Free

<0:102.5.0-1.0.1.el9_1
  • H
CVE-2022-45408

<0:102.5.0-1.0.1.el9_1
  • H
CVE-2022-45404

<0:102.5.0-1.0.1.el9_1
  • H
NULL Pointer Dereference

<0:102.4.0-1.0.1.el9_0
  • H
Origin Validation Error

<0:102.4.0-1.0.1.el9_0
  • H
Out-of-bounds Write

<0:102.4.0-1.0.1.el9_0
  • H
CVE-2022-42929

<0:102.4.0-1.0.1.el9_0
  • H
Use After Free

<0:102.3.0-7.0.1.el9_0
  • H
Insecure Storage of Sensitive Information

<0:102.3.0-6.0.1.el9_0
  • H
Arbitrary Code Injection

<0:102.3.0-6.0.1.el9_0
  • H
Out-of-bounds Write

<0:102.3.0-6.0.1.el9_0
  • H
Cross-site Scripting (XSS)

<0:102.3.0-6.0.1.el9_0
  • H
CVE-2022-40957

<0:102.3.0-6.0.1.el9_0
  • H
Use After Free

<0:102.3.0-6.0.1.el9_0
  • H
Out-of-bounds Write

<0:91.13.0-1.0.1.el9_0
  • H
Origin Validation Error

<0:91.13.0-1.0.1.el9_0
  • H
Out-of-bounds Write

<0:91.13.0-1.0.1.el9_0
  • H
Use After Free

<0:91.13.0-1.0.1.el9_0
  • H
Improper Preservation of Permissions

<0:91.13.0-1.0.1.el9_0
  • H
Race Condition

<0:91.12.0-2.0.1.el9_0
  • H
Out-of-bounds Write

<0:91.12.0-2.0.1.el9_0
  • H
CVE-2022-36319

<0:91.12.0-2.0.1.el9_0
  • H
CVE-2022-34472

<0:91.11.0-2.0.1.el9_0
  • H
Use After Free

<0:91.11.0-2.0.1.el9_0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.11.0-2.0.1.el9_0
  • H
Cross-site Scripting (XSS)

<0:91.11.0-2.0.1.el9_0
  • H
CVE-2022-34468

<0:91.11.0-2.0.1.el9_0
  • H
Use After Free

<0:91.11.0-2.0.1.el9_0
  • H
Integer Overflow or Wraparound

<0:91.11.0-2.0.1.el9_0
  • H
CVE-2022-34479

<0:91.11.0-2.0.1.el9_0
  • H
Out-of-bounds Read

<0:91.10.0-1.0.1.el9_0
  • H
Authentication Bypass

<0:91.10.0-1.0.1.el9_0
  • H
Out-of-bounds Write

<0:91.10.0-1.0.1.el9_0
  • H
CVE-2022-31742

<0:91.10.0-1.0.1.el9_0
  • H
CVE-2022-31740

<0:91.10.0-1.0.1.el9_0
  • H
CVE-2022-31736

<0:91.10.0-1.0.1.el9_0
  • H
Use of Uninitialized Resource

<0:91.10.0-1.0.1.el9_0
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.9.1-1.0.1.el9_0
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.9.1-1.0.1.el9_0
  • H
CVE-2022-29914

<0:91.9.0-1.0.1.el9_0
  • H
Open Redirect

<0:91.9.0-1.0.1.el9_0
  • H
CVE-2022-29916

<0:91.9.0-1.0.1.el9_0
  • H
Out-of-bounds Write

<0:91.9.0-1.0.1.el9_0
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.9.0-1.0.1.el9_0
  • H
Incorrect Default Permissions

<0:91.9.0-1.0.1.el9_0