Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0268

NIXPKGS-2026-0268
published on
Permalink CVE-2026-2447
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 2 weeks ago
  • @jopejoe1 ignored
    11 packages
    • firefoxpwa
    • faust2firefox
    • firefox_decrypt
    • firefox-gnome-theme
    • firefox-sync-client
    • pkgsRocm.firefoxpwa
    • gnomeExtensions.firefox-profiles
    • roundcubePlugins.thunderbird_labels
    • gnomeExtensions.firefox-pip-always-on-top
    • gnomeExtensions.pip-alwaysontop-for-firefox
    • vscode-extensions.firefox-devtools.vscode-firefox-debug
    2 months, 2 weeks ago
  • @LeSuisse ignored
    17 packages
    • thunderbirdPackages.thunderbird-128
    • pkgsRocm.firefox
    • pkgsRocm.thunderbird
    • pkgsRocm.firefox-beta
    • pkgsRocm.thunderbird-unwrapped
    • firefox-devedition-unwrapped
    • pkgsRocm.firefox-devedition
    • pkgsRocm.firefox-unwrapped
    • pkgsRocm.thunderbird-latest
    • pkgsRocm.thunderbird-latest-unwrapped
    • pkgsRocm.firefox-devedition-unwrapped
    • pkgsRocm.thunderbirdPackages.thunderbird
    • pkgsRocm.thunderbirdPackages.thunderbird-latest
    • thunderbird-128-unwrapped
    • pkgsRocm.firefox-mobile
    • pkgsRocm.firefox-beta-unwrapped
    • firefox-beta-unwrapped
    2 months, 2 weeks ago
  • @LeSuisse deleted
    4 maintainers
    • @nbp
    • @vcunat
    • @mweinelt
    • @lovesegfault
    2 months, 2 weeks ago maintainer.delete
  • @LeSuisse accepted 2 months, 2 weeks ago
  • @LeSuisse published on GitHub 2 months, 2 weeks ago
Heap buffer overflow in libvpx

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

Affected products

Firefox
  • <147.0.4
Firefox ESR
  • <140.7.1
  • <115.32.1
Thunderbird
  • <140.7.2
  • <147.0.2

Matching in nixpkgs

Ignored packages (28)

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Ignored maintainers (4) 
Upstream advisory: https://github.com/advisories/GHSA-c99q-x737-hc5j