Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: vscode-extensions.firefox-devtools.vscode-firefox-debug

Found 185 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-8954
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 5 days, 6 hours ago Activity log
  • Created suggestion 5 days, 6 hours ago
Incorrect boundary conditions, integer overflow in the Audio/Video component

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Affected products

Firefox
  • =<*
  • =<140.*
Thunderbird
  • =<140.*
  • =<*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.thunderbird-cli-mcp

MCP server that gives full access to your email through Mozilla Thunderbird

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-8389
created 1 week, 5 days ago Activity log
  • Created suggestion 1 week, 5 days ago
JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

Affected products

Firefox
  • =<*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-8401
created 1 week, 5 days ago Activity log
  • Created suggestion 1 week, 5 days ago
Sandbox escape in the Profile Backup component

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.

Affected products

Firefox
  • =<*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-8391
created 1 week, 5 days ago Activity log
  • Created suggestion 1 week, 5 days ago
Other issue in the JavaScript Engine component

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.

Affected products

Firefox
  • =<*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-8390
created 1 week, 5 days ago Activity log
  • Created suggestion 1 week, 5 days ago
Use-after-free in the JavaScript: WebAssembly component

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.

Affected products

Firefox
  • =<*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-8388
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 1 week, 5 days ago Activity log
  • Created suggestion 1 week, 5 days ago
Incorrect boundary conditions in the JavaScript Engine: JIT component

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

Affected products

Firefox
  • =<*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-8093
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 2 weeks, 3 days ago Activity log
  • Created suggestion 2 weeks, 3 days ago
Memory safety bugs fixed in Firefox 150.0.2

Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2.

Affected products

Firefox
  • =<*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-8092
created 2 weeks, 3 days ago Activity log
  • Created suggestion 2 weeks, 3 days ago
Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2.

Affected products

Firefox
  • =<115.*
  • =<140.*
  • =<*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-8091
created 2 weeks, 3 days ago Activity log
  • Created suggestion 2 weeks, 3 days ago
Incorrect boundary conditions in the Audio/Video: Playback component

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

Affected products

Firefox
  • =<115.*
  • =<140.*
  • =<*
Thunderbird
  • =<*
  • =<140.*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-7322
7.3 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 3 weeks, 5 days ago Activity log
  • Created suggestion 3 weeks, 5 days ago
Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

Affected products

Firefox
  • =<115.*
  • =<140.*
  • =<*

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.firefoxpwa-unwrapped

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 6
    • nixpkgs-unstable 6
    • nixos-unstable-small 6
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers