VYPR

apk package

wolfi/firefox

pkg:apk/wolfi/firefox

Vulnerabilities (490)

  • CVE-2026-6770MedApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6769HigApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6768CriApr 21, 2026
    affected < 150-r0fixed 150-r0

    Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6765MedApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6764MedApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6763MedApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6762MedApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6761HigApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6760CriApr 21, 2026
    affected < 150-r0fixed 150-r0

    Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6759HigApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6758HigApr 21, 2026
    affected < 150-r0fixed 150-r0

    Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6757MedApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6756HigApr 21, 2026
    affected < 150-r0fixed 150-r0

    Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.

  • CVE-2026-6755MedApr 21, 2026
    affected < 150-r0fixed 150-r0

    Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6754HigApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6753HigApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6752HigApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6751HigApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6749HigApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6748CriApr 21, 2026
    affected < 140.10-r0fixed 140.10-r0

    Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Page 5 of 25