firefox (Ubuntu:20.04:LTS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Ubuntu:20.04:LTS package firefox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2024-10004 — CVSS 9.1 (critical): Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in…
CVE-2025-2817 — CVSS 8.8 (high): Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the…
CVE-2025-3033 — CVSS 7.7 (high): After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects…
CVE-2025-4086 — CVSS 6.5 (medium): A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in…
CVE-2024-9391 — CVSS 6.5 (medium): A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may…
CVE-2025-23109 — CVSS 6.5 (medium): Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was…
CVE-2025-4082 — CVSS 5.9 (medium): Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could…
CVE-2025-4084 — CVSS 5.7 (medium): Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this…
CVE-2024-53976 — CVSS 5.4 (medium): Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what…
CVE-2025-27426 — CVSS 5.4 (medium): Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was…
CVE-2025-4090 — CVSS 5.3 (medium): A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability…
CVE-2024-9395 — CVSS 5.3 (medium): A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog…
CVE-2025-27425 — CVSS 4.3 (medium): Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a…
CVE-2025-27424 — CVSS 4.3 (medium): Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was…
CVE-2025-23108 — CVSS 4.3 (medium): Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the…