Firefox-ESR vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the Firefox-ESR package (https://ftp.mozilla.org). This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • C
Improper Certificate Validation

[,128.6)
  • H
Use After Free

[,128.6)
  • H
Improper Privilege Management

[,128.6)
  • H
Use After Free

[,115.19)[120.0,128.6)
  • H
Out-of-bounds Write

[,128.6)
  • H
Out-of-Bounds

[,115.19)[120.0,128.6)
  • M
Out-of-Bounds

[,128.6)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,128.5)
  • H
Out-of-bounds Write

[,115.18)[,128.5)
  • M
Improper Initialization

[,128.5)
  • M
Access Control Bypass

[,128.5)
  • M
Cross-site Scripting (XSS)

[,115.18)[,128.5)
  • H
Arbitrary Code Injection

[,128.5)
  • M
Improper Check for Unusual or Exceptional Conditions

[,128.5)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,128.5)
  • H
Out-of-Bounds

[,128.5)
  • H
Out-of-Bounds

[,128.4)
  • M
Denial of Service (DoS)

[,128.4)
  • H
Use After Free

[,115.17)
  • H
Incorrect Default Permissions

[,115.17)
  • M
Cross-site Scripting (XSS)

[,128.4)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,128.4)
  • M
Exposure of Resource to Wrong Sphere

[,115.17)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,128.4)
  • M
Denial of Service (DoS)

[,128.4)
  • H
User Impersonation

[,128.4)
  • H
Use After Free

[,115.16.1)[128.0,128.3.1)
  • M
Information Exposure

[,128.3)
  • L
Information Exposure

[,128.3)
  • H
Origin Validation Error

[,115.16)[116.0,128.3)
  • H
Arbitrary Code Injection

[,115.16)[116.0,128.3)
  • M
Improper Restriction of Rendered UI Layers or Frames

[,128.3)
  • M
Denial of Service (DoS)

[,128.3)
  • H
Arbitrary Code Injection

[,115.16)[116.0,128.3)
  • M
Out-of-bounds Write

[,128.3)
  • M
Out-of-bounds Write

[,128.3)
  • C
Out-of-Bounds

[,128.3)
  • C
Out-of-Bounds

[,128.3)[115.0,115.16)
  • H
Type Confusion

[,115.13)
  • M
Type Confusion

[,115.15)[,128.2)
  • M
Information Exposure

[,115.15)[,128.2)
  • H
Improper Handling of Exceptional Conditions

[,115.15)[,128.2)
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

[,128.2)
  • M
Out-of-bounds Write

[,115.15)[,128.2)
  • L
User Interface (UI) Misrepresentation of Critical Information

[,128.2)
  • H
Out-of-Bounds

[,128.2)
  • C
Use After Free

[,115.14)[116.0,128.1)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,115.14)[116.0,128.1)
  • M
Information Exposure

[,115.14)[116.0,128.1)
  • C
Cross-site Scripting (XSS)

[,115.14)[116.0,128.1)
  • H
Out-of-bounds Read

[,115.14)[116.0,128.1)
  • H
Information Exposure

[,115.14)[116.0,128.1)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,128.1)
  • H
Improper Access Control

[,115.14)[116.0,128.1)
  • H
Use After Free

[,115.14)[116.0,128.1)
  • M
Type Confusion

[,128.1)
  • C
Out-of-bounds Write

[,115.14)[116.0,128.1)
  • H
Use After Free

[,128.1)
  • H
Out-of-bounds Write

[,115.13)
  • H
Improper Restriction of Operations within the Bounds of a Memory Buffer

[,115.13)
  • C
Race Condition

[,115.13)
  • M
Out-of-bounds Read

[,115.13)
  • M
Access of Uninitialized Pointer

[,115.13)
  • M
Access Restriction Bypass

[,115.3)
  • M
Timing Attack

[,115.12)
  • H
Use After Free

[,115.12)
  • M
Cross-site Scripting (XSS)

[,115.12)
  • H
Use After Free

[,115.12)
  • H
Improper Privilege Management

[,115.12)
  • M
Out-of-bounds Write

[,115.12)
  • M
Improper Input Validation

[,115.12)
  • H
Improper Restriction of Operations within the Bounds of a Memory Buffer

[,115.12)
  • M
Exposure of Sensitive Information to an Unauthorized Actor

[,115.11)
  • M
Information Exposure

[,115.11)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,115.11)
  • M
Classic Buffer Overflow

[,115.11)
  • M
Use After Free

[,115.11)
  • H
Resource Exhaustion

[,115.10)
  • L
Uncontrolled Resource Consumption ('Resource Exhaustion')

[,115.10)
  • H
Use After Free

[,115.10)
  • M
Use After Free

[,115.10)
  • M
Out-of-bounds Read

[,115.10)
  • M
Insufficient UI Warning of Dangerous Operations

[,115.10)
  • H
Out-of-bounds Read

[,115.10)
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

[,115.10)
  • H
Out-of-Bounds

[,115.10)
  • C
Improper Control of Generation of Code ('Code Injection')

[,115.9.1)
  • H
Uncontrolled Resource Consumption ('Resource Exhaustion')

[,115.9)
  • M
Improper Privilege Management

[,115.9)
  • M
Timing Attack

[,115.9)
  • H
Code Injection

[,115.9)
  • M
Cross-Site Request Forgery (CSRF)

[,115.9)
  • H
Integer Overflow or Wraparound

[,115.9)
  • H
Out-of-bounds Write

[,115.9)
  • H
Out-of-bounds Write

[,115.9)
  • H
Code Injection

[,115.9)
  • H
Out-of-bounds Read

[,115.8)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,115.8)
  • H
Open Redirect

[,115.8)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,115.8)
  • M
The UI Performs the Wrong Action

[,115.8)
  • H
Buffer Overflow

[,115.8)
  • M
Incorrect Conversion between Numeric Types

[,115.8)
  • M
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

[,115.8)
  • M
Inadequate Encryption Strength

[,115.7)
  • M
Improper Restriction of Operations within the Bounds of a Memory Buffer

[,115.7)
  • M
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

[,122)
  • M
Improper Access Control

[,115.7)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,115.7)
  • M
Out-of-bounds Write

[,115.7)
  • M
Improper Input Validation

[,115.6)
  • M
Use After Free

[,115.6)
  • H
Heap-based Buffer Overflow

[,115.6)
  • H
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

[,115.6)
  • H
Use of Uninitialized Resource

[,115.6)
  • M
Improper Input Validation

[,121)
  • M
Heap-based Buffer Overflow

[,115.6)
  • M
Use After Free

[,115.6)
  • M
Heap-based Buffer Overflow

[,115.6)
  • M
Race Condition

[,115.6)
  • M
Improper Restriction of Rendered UI Layers or Frames

[,115.6)
  • H
Buffer Overflow

[115.4,115.5)
  • H
Out-of-bounds Read

[,115.5)
  • H
Improper Restriction of Rendered UI Layers or Frames

[,115.5)
  • M
Improper Restriction of Rendered UI Layers or Frames

[,115.5)
  • H
Use After Free

[,120)
  • M
Directory Traversal

[,120)
  • H
Use After Free

[,115.5)
  • H
Buffer Overflow

[,115.4)
  • M
Information Exposure

[,115.4)
  • M
Improper Input Validation

[,115.4)
  • M
Product UI Spoofing

[,115.4)
  • M
URL Redirection to Untrusted Site

[,115.4)
  • H
Product UI Manipulable for User-Controlled Input

[,115.4)
  • M
Improper Release of Memory Before Removing Last Reference

[,115.4)
  • M
Improper Restriction of Operations within the Bounds of a Memory Buffer

[,115.4)
  • M
Insufficient UI Warning of Dangerous Operations

[,115.4)
  • M
Multiple Interpretations of UI Input

[,115.4)
  • M
Double Free

[,115.3)
  • H
Out-of-bounds Write

[,115.3)
  • H
Out-of-bounds Write

[,115.3)
  • H
Use After Free

[,115.3)
  • H
Buffer Overflow

[115.2,115.3)
  • H
Denial of Service (DoS)

[,115.2)
  • H
Use After Free

[,115.2)
  • H
Buffer Overflow

[115.1,115.2)
  • H
Buffer Overflow

[,115.2)
  • M
Information Exposure

[,115.2)
  • H
Integer Overflow or Wraparound

[,115.2)
  • H
Denial of Service (DoS)

[,115.2)
  • M
Denial of Service (DoS)

[,115.2)
  • M
Insecure Defaults

[,115.2)
  • H
Buffer Overflow

[,115.1)
  • H
Out-of-bounds Read

[,115.1)
  • M
Improper Access Control

[,115.1)
  • H
Denial of Service (DoS)

[,115.1)
  • M
Reliance on Cookies without Validation and Integrity Checking

[,115.1)
  • H
Race Condition

[,115.1)
  • M
Improper Input Validation

[,115.1)
  • H
Insecure Permissions

[,115.1)
  • H
Unsafe Dependency Resolution

[,115.1)
  • H
Buffer Overflow

[,115.1)
  • H
Buffer Overflow

[,115.1)
  • H
Use After Free

[,115.0.2)
  • H
Use After Free

[,102.13)
  • M
Compilation with Insufficient Warnings or Errors

[,102.13)
  • H
Buffer Overflow

[,102.13)
  • M
User Impersonation

[,102.13)
  • H
Use After Free

[,102.13)
  • H
Denial of Service (DoS)

[,102.12)
  • H
Buffer Overflow

[,102.12)
  • H
Buffer Overflow

[,102.11)
  • M
Denial of Service (DoS)

[,102.11)
  • H
Authentication Bypass

[,102.11)
  • L
Access Restriction Bypass

[,102.10)
  • M
Multiple Interpretations of UI Input

[,102.10)
  • M
Denial of Service (DoS)

[,102.10)
  • H
Out-of-Bounds Write

[102.9,102.10)
  • H
Out-of-bounds Write

[,102.10)
  • M
Access Restriction Bypass

[,102.10)
  • M
Access Restriction Bypass

[,102.10)
  • H
Denial of Service (DoS)

[,102.10)
  • M
Access Restriction Bypass

[,102.10)
  • L
Improper Restriction of Rendered UI Layers or Frames

[,102.10)
  • M
Access Restriction Bypass

[,102.10)
  • H
Denial of Service (DoS)

[,102.10)
  • H
Denial of Service (DoS)

[102.8,102.9)
  • H
Buffer Overflow

[,102.8)
  • H
Buffer Overflow

[,102.8)
  • M
Arbitrary Command Injection

[,102.7)
  • M
Authentication Bypass

[,102.7)
  • M
Missing Origin Validation in WebSockets

[,102.7)
  • M
Incorrect Regular Expression

[,102.7)
  • H
Buffer Overflow

[102.6,102.7)
  • H
Remote Code Execution (RCE)

[,102.7)
  • M
Arbitrary File Read

[,102.7)
  • H
Time-of-check Time-of-use (TOCTOU) Race Condition

[,91.6)
  • H
Sandbox Bypass

[,91.6)
  • M
Information Exposure

[,91.6)
  • H
Arbitrary Code Execution

[,91.6)
  • H
Arbitrary Code Execution

[,91.6)
  • H
Denial of Service (DoS)

[,91.4.0)
  • M
Access Restriction Bypass

[,91.6)
  • M
Denial of Service (DoS)

[,91.6)
  • H
Authorization Bypass

[,91.6)
  • H
Information Exposure

[,102.6)
  • H
Use After Free

[,102.6)
  • M
Use After Free

[,102.6)
  • H
Denial of Service (DoS)

[,102.6)
  • H
Denial of Service (DoS)

[,102.6)
  • M
Insufficient UI Warning of Dangerous Operations

[,102.6)
  • M
Arbitrary Code Execution

[,102.6)
  • H
Use After Free

[,102.5)
  • H
Access Control Bypass

[,102.5)
  • H
Use After Free

[,102.5)
  • H
Unsafe Dependency Resolution

[,102.5)
  • H
Buffer Overflow

[,102.5)
  • M
Improper Access Control

[,102.5)
  • M
Cross-site Scripting (XSS)

[,102.5)
  • M
Buffer Overflow

[,102.5)
  • M
Improper Access Control

[,102.5)
  • M
Information Exposure

[,102.5)
  • M
Access Control Bypass

[,102.5)
  • H
Access Control Bypass

[,102.5)
  • H
Use After Free

[,102.5)
  • H
Improper Restriction of Rendered UI Layers or Frames

[,91.13)[100.0,102.2)
  • H
Buffer Overflow

[,102.2)
  • M
Use After Free

[,102.2)
  • H
Product UI does not Warn User of Unsafe Actions

[,91.13)[100.0,102.2)
  • H
Buffer Overflow

[,91.13)[100.0,102.2)
  • H
Buffer Overflow

[,91.11)
  • M
Out-of-bounds Read

[,91.8.0)
  • H
Buffer Overflow

[,91.8.0)
  • M
Use After Free

[,91.8.0)
  • H
Use After Free

[,91.8.0)
  • M
Improper Restriction of Rendered UI Layers or Frames

[,91.8.0)
  • H
Out-of-bounds Write

[,91.8.0)
  • M
Use After Free

[,91.8.0)
  • H
Use After Free

[,91.7)
  • L
Improper Preservation of Permissions

[,91.7)
  • H
User Interface Misrepresentation of Critical Information

[,91.7)
  • C
Use After Free

[,91.6.1)
  • C
Use After Free

[,91.6.1)