apk package

chainguard/firefox

pkg:apk/chainguard/firefox

Vulnerabilities (219)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-8954	Hig	7.5	< 151.0.1-r0	151.0.1-r0	May 19, 2026	Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8953	Cri	9.6	< 151.0.1-r0	151.0.1-r0	May 19, 2026	Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8947	Hig	7.3	< 151.0.1-r0	151.0.1-r0	May 19, 2026	Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8946	Hig	7.5	< 151.0.1-r0	151.0.1-r0	May 19, 2026	Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-5735	Cri	9.8	< 149.0.2-r0	149.0.2-r0	Apr 7, 2026	Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and
CVE-2026-5734	Cri	9.8	< 149.0.2-r0	149.0.2-r0	Apr 7, 2026	Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This
CVE-2026-5733	Hig	8.8	< 149.0.2-r0	149.0.2-r0	Apr 7, 2026	Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.
CVE-2026-5732	Hig	8.8	< 149.0.2-r0	149.0.2-r0	Apr 7, 2026	Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.
CVE-2026-5731	Cri	9.8	< 149.0.2-r0	149.0.2-r0	Apr 7, 2026	Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run
CVE-2026-4729	Cri	9.8	< 149.0-r0	149.0-r0	Mar 24, 2026	Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird
CVE-2026-4728	Med	6.5	< 149.0-r0	149.0-r0	Mar 24, 2026	Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4727	Hig	7.5	< 149.0-r0	149.0-r0	Mar 24, 2026	Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4726	Hig	7.5	< 149.0-r0	149.0-r0	Mar 24, 2026	Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4725	Cri	10.0	< 149.0-r0	149.0-r0	Mar 24, 2026	Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4724	Cri	9.1	< 149.0-r0	149.0-r0	Mar 24, 2026	Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4723	Cri	9.8	< 149.0-r0	149.0-r0	Mar 24, 2026	Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4722	Hig	8.8	< 149.0-r0	149.0-r0	Mar 24, 2026	Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4721	Cri	9.8	< 149.0-r0	149.0-r0	Mar 24, 2026	Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary cod
CVE-2026-4720	Cri	9.8	< 149.0-r0	149.0-r0	Mar 24, 2026	Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit
CVE-2026-4719	Hig	7.5	< 149.0-r0	149.0-r0	Mar 24, 2026	Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVE-2026-8954HigMay 19, 2026
affected < 151.0.1-r0fixed 151.0.1-r0
Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8953CriMay 19, 2026
affected < 151.0.1-r0fixed 151.0.1-r0
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8947HigMay 19, 2026
affected < 151.0.1-r0fixed 151.0.1-r0
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8946HigMay 19, 2026
affected < 151.0.1-r0fixed 151.0.1-r0
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-5735CriApr 7, 2026
affected < 149.0.2-r0fixed 149.0.2-r0
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and
CVE-2026-5734CriApr 7, 2026
affected < 149.0.2-r0fixed 149.0.2-r0
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This
CVE-2026-5733HigApr 7, 2026
affected < 149.0.2-r0fixed 149.0.2-r0
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.
CVE-2026-5732HigApr 7, 2026
affected < 149.0.2-r0fixed 149.0.2-r0
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.
CVE-2026-5731CriApr 7, 2026
affected < 149.0.2-r0fixed 149.0.2-r0
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run
CVE-2026-4729CriMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird
CVE-2026-4728MedMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4727HigMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4726HigMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4725CriMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4724CriMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4723CriMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4722HigMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4721CriMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary cod
CVE-2026-4720CriMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit
CVE-2026-4719HigMar 24, 2026
affected < 149.0-r0fixed 149.0-r0
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Page 1 of 11