Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: firefox-unwrapped

Found 197 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-2778
created 2 months, 4 weeks ago Activity log
  • Created suggestion 2 months, 4 weeks ago
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

Affected products

Firefox
  • <148
Firefox ESR
  • <115.33
  • <140.8
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-2801
created 2 months, 4 weeks ago Activity log
  • Created suggestion 2 months, 4 weeks ago
Incorrect boundary conditions in the JavaScript: WebAssembly component

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Affected products

Firefox
  • <148
Thunderbird
  • <148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-2759
created 2 months, 4 weeks ago Activity log
  • Created suggestion 2 months, 4 weeks ago
Incorrect boundary conditions in the Graphics: ImageLib component

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

Affected products

Firefox
  • <148
Firefox ESR
  • <115.33
  • <140.8
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-2796
updated 1 month, 3 weeks ago by @jopejoe1 Activity log
  • Created suggestion 2 months, 4 weeks ago
  • @mweinelt ignored
    18 packages
    • firefox_decrypt
    • faust2firefox
    • firefoxpwa
    • firefox-gnome-theme
    • firefox-sync-client
    • pkgsRocm.firefoxpwa
    • thunderbird-128-unwrapped
    • firefox-devedition-unwrapped
    • pkgsRocm.firefox-devedition
    • pkgsRocm.firefox-beta
    • firefox-beta-unwrapped
    • pkgsRocm.firefox-beta-unwrapped
    • thunderbirdPackages.thunderbird-128
    • gnomeExtensions.firefox-profiles
    • pkgsRocm.firefox-devedition-unwrapped
    • gnomeExtensions.firefox-pip-always-on-top
    • gnomeExtensions.pip-alwaysontop-for-firefox
    • vscode-extensions.firefox-devtools.vscode-firefox-debug
    2 months, 4 weeks ago
  • @jopejoe1 ignored package roundcubePlugins.thunderbird_labels 1 month, 3 weeks ago
JIT miscompilation in the JavaScript: WebAssembly component

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Affected products

Firefox
  • <148
Thunderbird
  • <148

Matching in nixpkgs

Ignored packages (19)

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Published
Permalink CVE-2026-2447
8.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion 3 months, 1 week ago
  • @jopejoe1 ignored
    11 packages
    • firefoxpwa
    • faust2firefox
    • firefox_decrypt
    • firefox-gnome-theme
    • firefox-sync-client
    • pkgsRocm.firefoxpwa
    • gnomeExtensions.firefox-profiles
    • roundcubePlugins.thunderbird_labels
    • gnomeExtensions.firefox-pip-always-on-top
    • gnomeExtensions.pip-alwaysontop-for-firefox
    • vscode-extensions.firefox-devtools.vscode-firefox-debug
    3 months, 1 week ago
  • @LeSuisse ignored
    17 packages
    • thunderbirdPackages.thunderbird-128
    • pkgsRocm.firefox
    • pkgsRocm.thunderbird
    • pkgsRocm.firefox-beta
    • pkgsRocm.thunderbird-unwrapped
    • firefox-devedition-unwrapped
    • pkgsRocm.firefox-devedition
    • pkgsRocm.firefox-unwrapped
    • pkgsRocm.thunderbird-latest
    • pkgsRocm.thunderbird-latest-unwrapped
    • pkgsRocm.firefox-devedition-unwrapped
    • pkgsRocm.thunderbirdPackages.thunderbird
    • pkgsRocm.thunderbirdPackages.thunderbird-latest
    • thunderbird-128-unwrapped
    • pkgsRocm.firefox-mobile
    • pkgsRocm.firefox-beta-unwrapped
    • firefox-beta-unwrapped
    3 months, 1 week ago
  • @LeSuisse deleted
    4 maintainers
    • @nbp
    • @vcunat
    • @mweinelt
    • @lovesegfault
    3 months, 1 week ago maintainer.delete
  • @LeSuisse accepted 3 months, 1 week ago
  • @LeSuisse published on GitHub 3 months, 1 week ago
Heap buffer overflow in libvpx

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

Affected products

Firefox
  • <147.0.4
Firefox ESR
  • <140.7.1
  • <115.32.1
Thunderbird
  • <147.0.2
  • <140.7.2

Matching in nixpkgs

Ignored packages (28)

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Ignored maintainers (4) 
Upstream advisory: https://github.com/advisories/GHSA-c99q-x737-hc5j
Untriaged
Permalink CVE-2026-24868
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
created 3 months, 3 weeks ago Activity log
  • Created suggestion 3 months, 3 weeks ago
Mitigation bypass in the Privacy: Anti-Tracking component

Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.0.2.

Affected products

Firefox
  • <147.0.2

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5

Package maintainers

Untriaged
Permalink CVE-2026-24869
8.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
created 3 months, 3 weeks ago Activity log
  • Created suggestion 3 months, 3 weeks ago
Use-after-free in the Layout: Scrolling and Overflow component

Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2.

Affected products

Firefox
  • <147.0.2

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5

Package maintainers