Nixpkgs Security Tracker

Permalink CVE-2026-2799

created 3 weeks, 4 days ago

Use-after-free in the DOM: Core & HTML component

Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

References

Affected products

Firefox

<148

Thunderbird

<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Permalink CVE-2026-2777

created 3 weeks, 4 days ago

Privilege escalation in the Messaging System component

Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox

<148

Firefox ESR

<140.8
<115.33

Thunderbird

<140.8
<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Permalink CVE-2022-1499

created 3 weeks, 4 days ago

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 …

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

References

https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop… x_refsource_MISC
https://crbug.com/1000408 x_refsource_MISC
GLSA-202208-25 vendor-advisory x_refsource_GENTOO
https://crbug.com/1000408 x_transferred x_refsource_MISC
GLSA-202208-25 vendor-advisory x_refsource_GENTOO x_transferred
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop… x_transferred x_refsource_MISC

Affected products

Chrome

<101.0.4951.41

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.116
nixos-25.11 145.0.7632.109
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2025-12-21
- nixpkgs-unstable 2025-12-21
- nixos-unstable-small 2025-12-21
nixos-25.11 2022-10-31
- nixos-25.11-small 2022-10-31
- nixpkgs-25.11-darwin 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-25.11 0.3.4
- nixos-25.11-small 0.3.4
- nixpkgs-25.11-darwin 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.116
nixos-25.11 145.0.7632.109
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5
nixos-25.11 1.1.5
- nixos-25.11-small 1.1.5
- nixpkgs-25.11-darwin 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24
nixos-25.11 2.0-unstable-2021-06-24
- nixos-25.11-small 2.0-unstable-2021-06-24
- nixpkgs-25.11-darwin 2.0-unstable-2021-06-24

pkgs.electron-chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.xf86-video-openchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.116
nixos-25.11 145.0.7632.109
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-25.11 36.9.5
- nixos-25.11-small 36.9.5
- nixpkgs-25.11-darwin 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.3
- nixpkgs-unstable 37.10.3
- nixos-unstable-small 37.10.3
nixos-25.11 37.10.3
- nixos-25.11-small 37.10.3
- nixpkgs-25.11-darwin 37.10.3

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.5.2
- nixpkgs-unstable 39.5.2
- nixos-unstable-small 39.5.2
nixos-25.11 39.5.2
- nixos-25.11-small 39.5.2
- nixpkgs-25.11-darwin 39.5.2

pkgs.electron-chromedriver_40

WebDriver server for running Selenium tests on Chrome

nixos-unstable 40.3.0
- nixpkgs-unstable 40.3.0
- nixos-unstable-small 40.3.0
nixos-25.11 40.3.0
- nixos-25.11-small 40.3.0
- nixpkgs-25.11-darwin 40.3.0

pkgs.xorg.xf86videoopenchrome

None

nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2
nixos-25.11 3.20.2
- nixos-25.11-small 3.20.2
- nixpkgs-25.11-darwin 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000
nixos-25.11 3.000
- nixos-25.11-small 3.000
- nixpkgs-25.11-darwin 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9
nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python314Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.ocamlPackages_latest.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5
nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python314Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@teutat3s teutat3s <teutates@mailbox.org>
@TomaSajt TomaSajt
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2022-1310

created 3 weeks, 4 days ago

Use after free in regular expressions in Google Chrome prior …

Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

GLSA-202208-25 vendor-advisory x_refsource_GENTOO
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop… x_refsource_MISC
https://crbug.com/1307610 x_refsource_MISC
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop… x_transferred x_refsource_MISC
https://crbug.com/1307610 x_transferred x_refsource_MISC
GLSA-202208-25 vendor-advisory x_refsource_GENTOO x_transferred

Affected products

Chrome

<100.0.4896.88

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.116
nixos-25.11 145.0.7632.109
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2025-12-21
- nixpkgs-unstable 2025-12-21
- nixos-unstable-small 2025-12-21
nixos-25.11 2022-10-31
- nixos-25.11-small 2022-10-31
- nixpkgs-25.11-darwin 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-25.11 0.3.4
- nixos-25.11-small 0.3.4
- nixpkgs-25.11-darwin 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.116
nixos-25.11 145.0.7632.109
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5
nixos-25.11 1.1.5
- nixos-25.11-small 1.1.5
- nixpkgs-25.11-darwin 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24
nixos-25.11 2.0-unstable-2021-06-24
- nixos-25.11-small 2.0-unstable-2021-06-24
- nixpkgs-25.11-darwin 2.0-unstable-2021-06-24

pkgs.electron-chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.xf86-video-openchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.116
nixos-25.11 145.0.7632.109
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-25.11 36.9.5
- nixos-25.11-small 36.9.5
- nixpkgs-25.11-darwin 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.3
- nixpkgs-unstable 37.10.3
- nixos-unstable-small 37.10.3
nixos-25.11 37.10.3
- nixos-25.11-small 37.10.3
- nixpkgs-25.11-darwin 37.10.3

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.5.2
- nixpkgs-unstable 39.5.2
- nixos-unstable-small 39.5.2
nixos-25.11 39.5.2
- nixos-25.11-small 39.5.2
- nixpkgs-25.11-darwin 39.5.2

pkgs.electron-chromedriver_40

WebDriver server for running Selenium tests on Chrome

nixos-unstable 40.3.0
- nixpkgs-unstable 40.3.0
- nixos-unstable-small 40.3.0
nixos-25.11 40.3.0
- nixos-25.11-small 40.3.0
- nixpkgs-25.11-darwin 40.3.0

pkgs.xorg.xf86videoopenchrome

None

nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2
nixos-25.11 3.20.2
- nixos-25.11-small 3.20.2
- nixpkgs-25.11-darwin 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000
nixos-25.11 3.000
- nixos-25.11-small 3.000
- nixpkgs-25.11-darwin 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9
nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python314Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.ocamlPackages_latest.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5
nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python314Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@teutat3s teutat3s <teutates@mailbox.org>
@TomaSajt TomaSajt
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2022-1354

created 3 weeks, 4 days ago

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c …

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2074404
https://gitlab.com/libtiff/libtiff/-/issues/319
https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a5…
https://access.redhat.com/security/cve/CVE-2022-1354
https://security.netapp.com/advisory/ntap-20221014-0007/
GLSA-202210-10 vendor-advisory
[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update mailing-list
DSA-5333 vendor-advisory
https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a5… x_transferred
https://access.redhat.com/security/cve/CVE-2022-1354 x_transferred
https://security.netapp.com/advisory/ntap-20221014-0007/ x_transferred
GLSA-202210-10 vendor-advisory x_transferred
[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update mailing-list x_transferred
DSA-5333 vendor-advisory x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=2074404 x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/319 x_transferred

Affected products

libtiff

==Not-Known

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable 4.7.1
- nixpkgs-unstable 4.7.1
- nixos-unstable-small 4.7.1
nixos-25.11 4.7.1
- nixos-25.11-small 4.7.1
- nixpkgs-25.11-darwin 4.7.1

Package maintainers

@l0b0 Victor Engmark <victor@engmark.name>
@imincik Ivan Mincik <ivan.mincik@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@willcohen Will Cohen
@autra Augustin Trancart <augustin.trancart@gmail.com>
@nh2 Niklas Hambüchen <mail@nh2.me>

Permalink CVE-2026-2791

created 3 weeks, 4 days ago

Mitigation bypass in the Networking: Cache component

Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox

<148

Firefox ESR

<140.8

Thunderbird

<140.8
<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Permalink CVE-2022-1313

created 3 weeks, 4 days ago

Use after free in tab groups in Google Chrome prior …

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop… x_refsource_MISC
https://crbug.com/1270539 x_refsource_MISC
GLSA-202208-25 vendor-advisory x_refsource_GENTOO
https://crbug.com/1270539 x_transferred x_refsource_MISC
GLSA-202208-25 vendor-advisory x_refsource_GENTOO x_transferred
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop… x_transferred x_refsource_MISC

Affected products

Chrome

<100.0.4896.88

Matching in nixpkgs

pkgs.netflix

Open Netflix in Google Chrome app mode

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.116
nixos-25.11 145.0.7632.109
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.mkchromecast

Cast macOS and Linux Audio/Video to your Google Cast and Sonos Devices

nixos-unstable 2025-12-21
- nixpkgs-unstable 2025-12-21
- nixos-unstable-small 2025-12-21
nixos-25.11 2022-10-31
- nixos-25.11-small 2022-10-31
- nixpkgs-25.11-darwin 2022-10-31

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-25.11 0.3.4
- nixos-25.11-small 0.3.4
- nixpkgs-25.11-darwin 0.3.4

pkgs.google-chrome

Freeware web browser developed by Google

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.116
nixos-25.11 145.0.7632.109
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

nixos-unstable 1.1.5
- nixpkgs-unstable 1.1.5
- nixos-unstable-small 1.1.5
nixos-25.11 1.1.5
- nixos-25.11-small 1.1.5
- nixpkgs-25.11-darwin 1.1.5

pkgs.chrome-pak-customizer

Simple batch tool to customize pak files in chrome or chromium-based browser

nixos-unstable 2.0-unstable-2021-06-24
- nixpkgs-unstable 2.0-unstable-2021-06-24
- nixos-unstable-small 2.0-unstable-2021-06-24
nixos-25.11 2.0-unstable-2021-06-24
- nixos-25.11-small 2.0-unstable-2021-06-24
- nixpkgs-25.11-darwin 2.0-unstable-2021-06-24

pkgs.electron-chromedriver

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.xf86-video-openchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

nixos-unstable 0.6.225
- nixpkgs-unstable 0.6.225
- nixos-unstable-small 0.6.225

pkgs.curl-impersonate-chrome

Special build of curl that can impersonate Chrome & Firefox

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.undetected-chromedriver

Custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 145.0.7632.75
- nixpkgs-unstable 145.0.7632.75
- nixos-unstable-small 145.0.7632.116
nixos-25.11 145.0.7632.109
- nixos-25.11-small 145.0.7632.109
- nixpkgs-25.11-darwin 145.0.7632.109

pkgs.electron-chromedriver_33

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_34

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_35

WebDriver server for running Selenium tests on Chrome

pkgs.electron-chromedriver_36

WebDriver server for running Selenium tests on Chrome

nixos-25.11 36.9.5
- nixos-25.11-small 36.9.5
- nixpkgs-25.11-darwin 36.9.5

pkgs.electron-chromedriver_37

WebDriver server for running Selenium tests on Chrome

nixos-unstable 37.10.3
- nixpkgs-unstable 37.10.3
- nixos-unstable-small 37.10.3
nixos-25.11 37.10.3
- nixos-25.11-small 37.10.3
- nixpkgs-25.11-darwin 37.10.3

pkgs.electron-chromedriver_38

WebDriver server for running Selenium tests on Chrome

nixos-unstable 38.8.1
- nixpkgs-unstable 38.8.1
- nixos-unstable-small 38.8.1
nixos-25.11 38.8.1
- nixos-25.11-small 38.8.1
- nixpkgs-25.11-darwin 38.8.1

pkgs.electron-chromedriver_39

WebDriver server for running Selenium tests on Chrome

nixos-unstable 39.5.2
- nixpkgs-unstable 39.5.2
- nixos-unstable-small 39.5.2
nixos-25.11 39.5.2
- nixos-25.11-small 39.5.2
- nixpkgs-25.11-darwin 39.5.2

pkgs.electron-chromedriver_40

WebDriver server for running Selenium tests on Chrome

nixos-unstable 40.3.0
- nixpkgs-unstable 40.3.0
- nixos-unstable-small 40.3.0
nixos-25.11 40.3.0
- nixos-25.11-small 40.3.0
- nixpkgs-25.11-darwin 40.3.0

pkgs.xorg.xf86videoopenchrome

None

nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.ocamlPackages.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2
nixos-25.11 3.20.2
- nixos-25.11-small 3.20.2
- nixpkgs-25.11-darwin 3.20.2

pkgs.noto-fonts-monochrome-emoji

Monochrome emoji font

nixos-unstable 3.000
- nixpkgs-unstable 3.000
- nixos-unstable-small 3.000
nixos-25.11 3.000
- nixos-25.11-small 3.000
- nixpkgs-25.11-darwin 3.000

pkgs.python312Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python313Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9
nixos-25.11 14.0.9
- nixos-25.11-small 14.0.9
- nixpkgs-25.11-darwin 14.0.9

pkgs.python314Packages.pychromecast

Library for Python to communicate with the Google Chromecast

nixos-unstable 14.0.9
- nixpkgs-unstable 14.0.9
- nixos-unstable-small 14.0.9

pkgs.ocamlPackages_latest.chrome-trace

Chrome trace event generation library

nixos-unstable 3.20.2
- nixpkgs-unstable 3.20.2
- nixos-unstable-small 3.20.2

pkgs.python312Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python313Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5
nixos-25.11 3.5.5
- nixos-25.11-small 3.5.5
- nixpkgs-25.11-darwin 3.5.5

pkgs.python314Packages.undetected-chromedriver

Python library for the custom Selenium ChromeDriver that passes all bot mitigation systems

nixos-unstable 3.5.5
- nixpkgs-unstable 3.5.5
- nixos-unstable-small 3.5.5

pkgs.grafanaPlugins.ventura-psychrometric-panel

Grafana plugin to display air conditions on a psychrometric chart

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@bdesham Benjamin Esham <benjamin@esham.io>
@UlyssesZh Ulysses Zhan <ulysseszhan@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@emilylange Emily Lange <nix@emilylange.de>
@networkException networkException <nix@nwex.de>
@GGG-KILLER GGG <gggkiller2@gmail.com>
@liam-murphy14 Liam Murphy <liam.murphy137@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@zi3m5f zi3m5f <k7n3o3a6f@mozmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@Shou Benedict Aas <x+g@shou.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@nicoonoclaste nicoo <nicoo@debian.org>
@abbradar Nikolay Amiantov <ab@fmap.me>
@teutat3s teutat3s <teutates@mailbox.org>
@TomaSajt TomaSajt
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>

Permalink CVE-2026-2760

created 3 weeks, 4 days ago

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox

<148

Firefox ESR

<140.8
<115.33

Thunderbird

<140.8
<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Permalink CVE-2026-2782

created 3 weeks, 4 days ago

Privilege escalation in the Netmonitor component

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox

<148

Firefox ESR

<140.8

Thunderbird

<140.8
<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Permalink CVE-2026-2762

created 3 weeks, 4 days ago

Integer overflow in the JavaScript: Standard Library component

Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox

<148

Firefox ESR

<140.8

Thunderbird

<140.8
<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Automatically generated suggestions

References

Affected products

Matching in nixpkgs

pkgs.firefoxpwa

pkgs.faust2firefox

pkgs.firefox_decrypt

pkgs.pkgsRocm.firefox

pkgs.firefox-unwrapped

pkgs.firefox-gnome-theme

pkgs.firefox-sync-client

pkgs.pkgsRocm.firefoxpwa

pkgs.pkgsRocm.thunderbird

pkgs.firefox-esr-unwrapped

pkgs.pkgsRocm.firefox-beta

pkgs.thunderbird-unwrapped

pkgs.firefox-beta-unwrapped

pkgs.pkgsRocm.firefox-mobile

pkgs.firefox-esr-140-unwrapped

pkgs.thunderbird-128-unwrapped

pkgs.thunderbird-140-unwrapped

pkgs.thunderbird-esr-unwrapped

pkgs.pkgsRocm.firefox-unwrapped

pkgs.pkgsRocm.firefox-devedition

pkgs.pkgsRocm.thunderbird-latest

pkgs.firefox-devedition-unwrapped

pkgs.thunderbird-latest-unwrapped

pkgs.pkgsRocm.thunderbird-unwrapped

pkgs.pkgsRocm.firefox-beta-unwrapped

pkgs.thunderbirdPackages.thunderbird

pkgs.gnomeExtensions.firefox-profiles

pkgs.roundcubePlugins.thunderbird_labels

pkgs.thunderbirdPackages.thunderbird-128

pkgs.thunderbirdPackages.thunderbird-140

pkgs.thunderbirdPackages.thunderbird-esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

pkgs.pkgsRocm.thunderbird-latest-unwrapped

pkgs.thunderbirdPackages.thunderbird-latest

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

pkgs.gnomeExtensions.firefox-pip-always-on-top

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.firefoxpwa

pkgs.faust2firefox

pkgs.firefox_decrypt

pkgs.pkgsRocm.firefox

pkgs.firefox-unwrapped

pkgs.firefox-gnome-theme

pkgs.firefox-sync-client

pkgs.pkgsRocm.firefoxpwa

pkgs.pkgsRocm.thunderbird

pkgs.firefox-esr-unwrapped

pkgs.pkgsRocm.firefox-beta

pkgs.thunderbird-unwrapped

pkgs.firefox-beta-unwrapped

pkgs.pkgsRocm.firefox-mobile

pkgs.firefox-esr-140-unwrapped

pkgs.thunderbird-128-unwrapped

pkgs.thunderbird-140-unwrapped

pkgs.thunderbird-esr-unwrapped

pkgs.pkgsRocm.firefox-unwrapped

pkgs.pkgsRocm.firefox-devedition

pkgs.pkgsRocm.thunderbird-latest

pkgs.firefox-devedition-unwrapped

pkgs.thunderbird-latest-unwrapped

pkgs.pkgsRocm.thunderbird-unwrapped

pkgs.pkgsRocm.firefox-beta-unwrapped

pkgs.thunderbirdPackages.thunderbird

pkgs.gnomeExtensions.firefox-profiles

pkgs.roundcubePlugins.thunderbird_labels

pkgs.thunderbirdPackages.thunderbird-128

pkgs.thunderbirdPackages.thunderbird-140

pkgs.thunderbirdPackages.thunderbird-esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

pkgs.pkgsRocm.thunderbird-latest-unwrapped