Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 045
SUSE-SU-2025:3760-1
Security update for mozilla-nss
SUSE-SU-2025:3759-1
Security update for mozilla-nss
GHSA-wjv8-8vf9-mrv8
The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144.
GHSA-ff52-484q-63r5
A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
GHSA-2w7r-ggfp-x894
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
GHSA-wvmm-cxmc-39xj
Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144.
GHSA-p8g8-q63w-8jgm
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144.
GHSA-r25g-xjc5-pcrv
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144.
GHSA-rf6g-cf9f-g4v7
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
GHSA-h7jc-cc8w-wcwg
Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2025:3760-1 Security update for mozilla-nss | 0% Низкий | 10 дней назад | |
| SUSE-SU-2025:3759-1 Security update for mozilla-nss | 0% Низкий | 10 дней назад | |
| GHSA-wjv8-8vf9-mrv8 The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144. | CVSS3: 8.1 | 0% Низкий | 19 дней назад |
| GHSA-ff52-484q-63r5 A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 9.8 | 0% Низкий | 19 дней назад |
| GHSA-2w7r-ggfp-x894 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 9.8 | 0% Низкий | 19 дней назад |
| GHSA-wvmm-cxmc-39xj Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144. | CVSS3: 9.8 | 0% Низкий | 19 дней назад |
| GHSA-p8g8-q63w-8jgm Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144. | CVSS3: 6.5 | 0% Низкий | 19 дней назад |
| GHSA-r25g-xjc5-pcrv Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144. | CVSS3: 9.8 | 0% Низкий | 19 дней назад |
| GHSA-rf6g-cf9f-g4v7 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 6.1 | 0% Низкий | 19 дней назад |
| GHSA-h7jc-cc8w-wcwg Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 9.8 | 0% Низкий | 19 дней назад |
Уязвимостей на страницу