Nixpkgs security tracker
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Activity log
- Created suggestion
Mitigation bypass in the DOM: Security component
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
References
Affected products
- =<*
- =<140.*
- =<*
- =<140.*
Matching in nixpkgs
pkgs.firefoxpwa
Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)
pkgs.faust2firefox
The faust2firefox script, part of faust functional programming language for realtime audio signal processing
pkgs.firefox_decrypt
Tool to extract passwords from profiles of Mozilla Firefox and derivates
pkgs.thunderbird-mcp
MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars
pkgs.pkgsRocm.firefox
Web browser built from Firefox source tree
pkgs.firefox-unwrapped
Web browser built from Firefox source tree
pkgs.firefox-gnome-theme
GNOME theme for Firefox
pkgs.firefox-sync-client
Commandline-utility to list/view/edit/delete entries in a firefox-sync account
pkgs.pkgsRocm.firefoxpwa
Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)
pkgs.firefoxpwa-unwrapped
Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)
pkgs.pkgsRocm.thunderbird
Full-featured e-mail client
pkgs.firefox-esr-unwrapped
Web browser built from Firefox source tree
-
nixos-unstable 140.9.1esr
- nixpkgs-unstable 140.9.1esr
- nixos-unstable-small 140.9.1esr
-
nixos-25.11 140.9.1esr
- nixos-25.11-small 140.9.1esr
- nixpkgs-25.11-darwin 140.9.1esr
pkgs.pkgsRocm.firefox-beta
Web browser built from Firefox Beta Release source tree
pkgs.thunderbird-unwrapped
Full-featured e-mail client
pkgs.firefox-beta-unwrapped
Web browser built from Firefox Beta Release source tree
pkgs.pkgsRocm.firefox-mobile
Web browser built from Firefox source tree
pkgs.firefox-esr-140-unwrapped
Web browser built from Firefox source tree
-
nixos-unstable 140.9.1esr
- nixpkgs-unstable 140.9.1esr
- nixos-unstable-small 140.9.1esr
-
nixos-25.11 140.9.1esr
- nixos-25.11-small 140.9.1esr
- nixpkgs-25.11-darwin 140.9.1esr
pkgs.thunderbird-140-unwrapped
Full-featured e-mail client
-
nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.7.2esr
- nixos-unstable-small 140.7.2esr
-
nixos-25.11 140.7.2esr
- nixos-25.11-small 140.7.2esr
- nixpkgs-25.11-darwin 140.7.2esr
pkgs.thunderbird-esr-unwrapped
Full-featured e-mail client
-
nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.7.2esr
- nixos-unstable-small 140.7.2esr
-
nixos-25.11 140.7.2esr
- nixos-25.11-small 140.7.2esr
- nixpkgs-25.11-darwin 140.7.2esr
pkgs.pkgsRocm.firefox-unwrapped
Web browser built from Firefox source tree
pkgs.pkgsRocm.firefox-devedition
Web browser built from Firefox Developer Edition source tree
pkgs.pkgsRocm.thunderbird-latest
Full-featured e-mail client
pkgs.firefox-devedition-unwrapped
Web browser built from Firefox Developer Edition source tree
pkgs.thunderbird-latest-unwrapped
Full-featured e-mail client
pkgs.pkgsRocm.thunderbird-unwrapped
Full-featured e-mail client
pkgs.pkgsRocm.firefox-beta-unwrapped
Web browser built from Firefox Beta Release source tree
pkgs.thunderbirdPackages.thunderbird
Full-featured e-mail client
pkgs.gnomeExtensions.firefox-profiles
Easily launch Firefox with your favorite profile right from the indicator menu!
pkgs.roundcubePlugins.thunderbird_labels
None
pkgs.thunderbirdPackages.thunderbird-140
Full-featured e-mail client
-
nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.7.2esr
- nixos-unstable-small 140.7.2esr
-
nixos-25.11 140.7.2esr
- nixos-25.11-small 140.7.2esr
- nixpkgs-25.11-darwin 140.7.2esr
pkgs.thunderbirdPackages.thunderbird-esr
Full-featured e-mail client
-
nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.7.2esr
- nixos-unstable-small 140.7.2esr
-
nixos-25.11 140.7.2esr
- nixos-25.11-small 140.7.2esr
- nixpkgs-25.11-darwin 140.7.2esr
pkgs.pkgsRocm.firefox-devedition-unwrapped
Web browser built from Firefox Developer Edition source tree
pkgs.pkgsRocm.thunderbird-latest-unwrapped
Full-featured e-mail client
pkgs.thunderbirdPackages.thunderbird-latest
Full-featured e-mail client
pkgs.pkgsRocm.thunderbirdPackages.thunderbird
Full-featured e-mail client
pkgs.gnomeExtensions.firefox-pip-always-on-top
Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces
pkgs.gnomeExtensions.pip-alwaysontop-for-firefox
Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.
pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest
Full-featured e-mail client
pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug
Visual Studio Code extension for debugging web applications and browser extensions in Firefox
Package maintainers
-
@pmahoney Patrick Mahoney <pat@polycrystal.org>
-
@magnetophon Bart Brouns <bart@magnetophon.nl>
-
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
-
@rhendric Ryan Hendrickson
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@nekowinston winston <hey@winston.sh>
-
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
-
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
-
@unode Renato Alves <alves.rjc@gmail.com>
-
@schnusch schnusch
-
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
-
@camillemndn Camille M. <camillemondon@free.fr>
-
@honnip Jung seungwoo <me@honnip.page>
-
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
-
@vcunat Vladimír Čunát <v@cunat.cz>
-
@nbp Nicolas B. Pierron <nixos@nbp.name>
-
@felschr Felix Schröter <dev@felschr.com>
-
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>