firefox vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the firefox package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Allocation of Resources Without Limits or Throttling	*
M Integer Overflow or Wraparound	*
H Out-of-bounds Read	<0:140.4.0-3.el10_0
H Use After Free	<0:140.4.0-3.el10_0
M Interpretation Conflict	<0:140.4.0-3.el10_0
H Out-of-Bounds	<0:140.4.0-3.el10_0
H Improper Access Control	<0:140.4.0-3.el10_0
H Out-of-Bounds	<0:140.4.0-3.el10_0
H Exposure of System Data to an Unauthorized Control Sphere	<0:140.4.0-3.el10_0
M Out-of-bounds Read	<0:140.3.0-1.el10_0
M Integer Overflow or Wraparound	<0:140.3.0-1.el10_0
M CVE-2025-10529	<0:140.3.0-1.el10_0
H Access of Uninitialized Pointer	<0:140.3.0-1.el10_0
H CVE-2025-10537	<0:140.3.0-1.el10_0
L CVE-2025-10536	<0:140.3.0-1.el10_0
H Use After Free	<0:140.3.0-1.el10_0
M Allocation of Resources Without Limits or Throttling	*
L Improper Neutralization	*
M Information Exposure Through Caching	*
M Improper Input Validation	*
L Resource Exhaustion	<0:128.14.0-2.el10_0
H Information Exposure	<0:128.14.0-2.el10_0
H Out-of-Bounds	<0:128.14.0-2.el10_0
M Improper Initialization	<0:128.14.0-2.el10_0
H Out-of-Bounds	<0:128.14.0-2.el10_0
L Improper Encoding or Escaping of Output	*
M Buffer Over-read	*
M Resource Exhaustion	*
M Arbitrary Code Injection	<0:128.13.0-1.el10_0
M Incorrect Default Permissions	<0:128.13.0-1.el10_0
M Cross-site Scripting (XSS)	<0:128.13.0-1.el10_0
H Out-of-Bounds	<0:128.13.0-1.el10_0
M Protection Mechanism Failure	<0:128.13.0-1.el10_0
H Use of Uninitialized Variable	<0:128.13.0-1.el10_0
L NULL Pointer Dereference	<0:128.13.0-1.el10_0
H Insufficient Protection Against Instruction Skipping Via Fault Injection	<0:128.13.0-1.el10_0
H Out-of-Bounds	<0:128.13.0-1.el10_0
M Integer Overflow or Wraparound	*
H Numeric Truncation Error	*
L Missing Synchronization	*
L NULL Pointer Dereference	*
L User Interface (UI) Misrepresentation of Critical Information	*
L Out-of-bounds Read	*
L Double Free	*
L Race Condition	*
L Improper Validation of Specified Quantity in Input	*
L Uncontrolled Memory Allocation	*
L Improper Check for Unusual or Exceptional Conditions	*
L Information Exposure	*
M Exposure of System Data to an Unauthorized Control Sphere	*
M Information Exposure	*
M User Interface (UI) Misrepresentation of Critical Information	*
M Use After Free	*
M Out-of-Bounds	*
M Buffer Overflow	*
M Use After Free	*
M Buffer Overflow	*
M Out-of-Bounds	*
M Use After Free	*
M Open Redirect	*
M Unintended Proxy or Intermediary ('Confused Deputy')	*
M Out-of-Bounds	*
M Improper Restriction of Rendered UI Layers or Frames	*
M Access of Uninitialized Pointer	*
M Missing Authentication for Critical Function	*
H Buffer Overflow	*
H Buffer Overflow	*
H Buffer Overflow	*
H Use After Free	*
H Buffer Overflow	*
H Use After Free	*
H Buffer Overflow	*
H Arbitrary Code Injection	*
H Arbitrary Code Injection	*
H Buffer Overflow	*
H Buffer Overflow	*
H Improper Restriction of Rendered UI Layers or Frames	*
H Buffer Overflow	*
M HTTP Request Smuggling	*
L HTTP Request Smuggling	*
M Cross-site Scripting (XSS)	<0:128.12.0-1.el10_0
M Use of Incorrectly-Resolved Name or Reference	<0:128.12.0-1.el10_0
M Information Exposure	<0:128.12.0-1.el10_0
H Use After Free	<0:128.12.0-1.el10_0
L Improper Input Validation	*
L Improper Resource Shutdown or Release	*
L Use After Free	*
L Reachable Assertion	*
H Double Free	<0:128.11.0-1.el10_0
L Improper Check for Unusual or Exceptional Conditions	*
L Improper Restriction of Rendered UI Layers or Frames	*
M Improper Cleanup on Thrown Exception	*
H Buffer Overflow	*
H Buffer Overflow	*
H Use After Free	*
H Use After Free	*
H Access of Resource Using Incompatible Type ('Type Confusion')	*
H Out-of-bounds Read	*
M Allocation of Resources Without Limits or Throttling	*
M Heap-based Buffer Overflow	*
L Race Condition	*
L Improper Restriction of Rendered UI Layers or Frames	<0:128.11.0-1.el10_0
M Inclusion of Functionality from Untrusted Control Sphere	<0:128.11.0-1.el10_0
M Out-of-Bounds	<0:128.11.0-1.el10_0
M Improper Encoding or Escaping of Output	<0:128.11.0-1.el10_0
M Inclusion of Functionality from Untrusted Control Sphere	<0:128.11.0-1.el10_0
M Out-of-Bounds	<0:128.11.0-1.el10_0
M CVE-2025-48068	*
M Improper Validation of Unsafe Equivalence in Input	*
H Out-of-bounds Write	<0:128.10.1-1.el10_0
H Out-of-bounds Write	<0:128.10.1-1.el10_0
L Use After Free	*
L Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	*
L Information Exposure	*
L Product UI does not Warn User of Unsafe Actions	*
M Double Free	*
M User Interface (UI) Misrepresentation of Critical Information	*
M Cross-site Scripting (XSS)	*
M Improper Validation of Integrity Check Value	*
H Buffer Overflow	*
M Incomplete Filtering of Special Elements	*
M Buffer Overflow	<0:128.10.0-1.el10_0
M Out-of-bounds Read	<0:128.10.0-1.el10_0
H Buffer Overflow	<0:128.10.0-1.el10_0
H Arbitrary Code Injection	<0:128.10.0-1.el10_0
H Insufficient Compartmentalization	<0:128.10.0-1.el10_0
M Origin Validation Error	<0:128.9.0-3.el10_0
H Buffer Overflow	<0:128.9.0-3.el10_0
H Use After Free	<0:128.9.0-3.el10_0

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling