- CVE-2022-31214 – was fixed in 0.9.70, reported by Matthias Gerstner and Birk Blechschmidt
- CVE-2021-26910 – was fixed in 0.9.64.4, reported by Roman Fiedler
- CVE-2020-17367 – was fixed in 0.9.62.2, reported by Tim Starling
- CVE-2020-17368 – was fixed in 0.9.62.2, reported by Tim Starling
- CVE-2019-12499 -was fixed in 0.9.60, 0.9.56.2-LTS
GitHub discussion: https://github.com/netblue30/firejail/issues/2401
- CVE-2019-12589 – was fixed in 0.9.60, 0.9.56.2-LTS
GitHub discussion thread: https://github.com/netblue30/firejail/issues/2718
Mainline fix: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
Patches for various Firejail versions: https://github.com/netblue30/firejail/tree/master/etc-fixes/seccomp-join-bug - CVE-2016-9016 – was fixed in 0.9.44
- CVE-2016-10117 – was fixed in 0.9.38
- CVE-2016-10118 – was fixed in 0.9.44.2 and 0.9.38.6
- CVE-2016-10119 – was fixed in 0.9.38
- CVE-2016-10120 – was fixed in 0.9.38
- CVE-2016-10121 – was fixed in 0.9.38
- CVE-2016-10122 – was fixed in 0.9.44.2
- CVE-2016-10123 – was fixed in 0.9.38
- CVE-2017-5180 – was fixed twice (there were two different ways to exploit this): originally in 0.9.38.8 and 0.9.44.4, and then later in 0.9.38.10 and 0.9.44.6 (see CVE-2017-5940 below).
- CVE-2017-5206 – was fixed in 0.9.44.4
- CVE-2017-5207 – was fixed in 0.9.44.4
- CVE-2017-5940 – was fixed in 0.9.38.10 and 0.9.44.6; this is a new CVE for the incomplete fix in CVE-2017-5180.