Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: firefox-esr-140-unwrapped

Found 56 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2013-5594
created 1 month ago
Mozilla Firefox before 25 allows modification of anonymous content of …

Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding

References

Affected products

Firefox
  • ==before 2013

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2013-1689
created 1 month ago
Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause …

Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.

References

Affected products

Firefox
  • ==20.0a1

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2011-2668
created 1 month ago
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the …

Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header

References

Affected products

Firefox
  • ==1.5.0.3 and earlier

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2011-2669
created 1 month ago
Mozilla Firefox prior to 3.6 has a DoS vulnerability due …

Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.

References

Affected products

Firefox
  • ==prior to 3.6

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2011-2670
created 1 month ago
Mozilla Firefox before 3.6 is vulnerable to XSS via the …

Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets

References

Affected products

Firefox
  • ==before 3.6

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2026-2447
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month ago
  • @jopejoe1 removed
    11 packages
    • firefoxpwa
    • faust2firefox
    • firefox_decrypt
    • firefox-gnome-theme
    • firefox-sync-client
    • pkgsRocm.firefoxpwa
    • gnomeExtensions.firefox-profiles
    • roundcubePlugins.thunderbird_labels
    • gnomeExtensions.firefox-pip-always-on-top
    • gnomeExtensions.pip-alwaysontop-for-firefox
    • vscode-extensions.firefox-devtools.vscode-firefox-debug
    1 month ago
  • @LeSuisse removed
    17 packages
    • thunderbirdPackages.thunderbird-128
    • pkgsRocm.firefox
    • pkgsRocm.thunderbird
    • pkgsRocm.firefox-beta
    • pkgsRocm.thunderbird-unwrapped
    • firefox-devedition-unwrapped
    • pkgsRocm.firefox-devedition
    • pkgsRocm.firefox-unwrapped
    • pkgsRocm.thunderbird-latest
    • pkgsRocm.thunderbird-latest-unwrapped
    • pkgsRocm.firefox-devedition-unwrapped
    • pkgsRocm.thunderbirdPackages.thunderbird
    • pkgsRocm.thunderbirdPackages.thunderbird-latest
    • thunderbird-128-unwrapped
    • pkgsRocm.firefox-mobile
    • pkgsRocm.firefox-beta-unwrapped
    • firefox-beta-unwrapped
    1 month ago
  • @LeSuisse removed
    4 maintainers
    • @nbp
    • @vcunat
    • @mweinelt
    • @lovesegfault
    1 month ago
  • @LeSuisse accepted 1 month ago
  • @LeSuisse published on GitHub 1 month ago
Heap buffer overflow in libvpx

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

References

Affected products

Firefox
  • <147.0.4
Firefox ESR
  • <140.7.1
  • <115.32.1
Thunderbird
  • <147.0.2
  • <140.7.2

Matching in nixpkgs

Package maintainers

Ignored maintainers (4) 
Upstream advisory: https://github.com/advisories/GHSA-c99q-x737-hc5j