Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: firefox-esr-140-unwrapped

Found 55 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-2784
updated 2 weeks, 1 day ago by @mweinelt Activity log
  • Created automatic suggestion 3 weeks, 2 days ago
  • @mweinelt removed
    34 packages
    • firefoxpwa
    • faust2firefox
    • firefox_decrypt
    • pkgsRocm.firefox
    • firefox-gnome-theme
    • firefox-sync-client
    • pkgsRocm.firefoxpwa
    • pkgsRocm.thunderbird
    • vscode-extensions.firefox-devtools.vscode-firefox-debug
    • pkgsRocm.firefox-beta
    • firefox-beta-unwrapped
    • pkgsRocm.firefox-mobile
    • firefox-esr-unwrapped
    • thunderbird-128-unwrapped
    • thunderbird-esr-unwrapped
    • pkgsRocm.firefox-unwrapped
    • pkgsRocm.firefox-devedition
    • pkgsRocm.thunderbird-latest
    • firefox-devedition-unwrapped
    • pkgsRocm.thunderbird-unwrapped
    • pkgsRocm.firefox-beta-unwrapped
    • thunderbirdPackages.thunderbird
    • gnomeExtensions.firefox-profiles
    • roundcubePlugins.thunderbird_labels
    • thunderbirdPackages.thunderbird-128
    • thunderbirdPackages.thunderbird-140
    • thunderbirdPackages.thunderbird-esr
    • pkgsRocm.firefox-devedition-unwrapped
    • pkgsRocm.thunderbird-latest-unwrapped
    • thunderbirdPackages.thunderbird-latest
    • pkgsRocm.thunderbirdPackages.thunderbird
    • gnomeExtensions.firefox-pip-always-on-top
    • gnomeExtensions.pip-alwaysontop-for-firefox
    • pkgsRocm.thunderbirdPackages.thunderbird-latest
    2 weeks, 1 day ago
Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Ignored packages (34)

Package maintainers

Permalink CVE-2026-2806
created 3 weeks, 2 days ago
Uninitialized memory in the Graphics: Text component

Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

References

Affected products

Firefox
  • <148
Thunderbird
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2773
created 3 weeks, 2 days ago
Incorrect boundary conditions in the Web Audio component

Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
  • <115.33
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2768
created 3 weeks, 2 days ago
Sandbox escape in the Storage: IndexedDB component

Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2770
created 3 weeks, 2 days ago
Use-after-free in the DOM: Bindings (WebIDL) component

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
  • <115.33
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2797
created 3 weeks, 2 days ago
Use-after-free in the JavaScript: GC component

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

References

Affected products

Firefox
  • <148
Thunderbird
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2788
created 3 weeks, 2 days ago
Incorrect boundary conditions in the Audio/Video: GMP component

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
  • <115.33
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2804
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 3 weeks, 2 days ago
Use-after-free in the JavaScript: WebAssembly component

Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

References

Affected products

Firefox
  • <148
Thunderbird
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2798
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 weeks, 2 days ago
Use-after-free in the DOM: Core & HTML component

Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

References

Affected products

Firefox
  • <148
Thunderbird
  • <148

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-2771
created 3 weeks, 2 days ago
Undefined behavior in the DOM: Core & HTML component

Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox
  • <148
Firefox ESR
  • <140.8
  • <115.33
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

Package maintainers