Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 034
GHSA-r25g-xjc5-pcrv
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144.
GHSA-wvmm-cxmc-39xj
Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144.
GHSA-cqj3-wx7w-jfx6
When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event This vulnerability affects Firefox < 144.
GHSA-pwc5-5wfj-q75c
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11721
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144.
CVE-2025-11721
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug ...
CVE-2025-11720
The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144.
CVE-2025-11720
The Firefox and Firefox Focus UI for the Android custom tab feature on ...
CVE-2025-11719
Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144.
CVE-2025-11719
Starting in Firefox 143, the use of the native messaging API by web ex ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-r25g-xjc5-pcrv Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144. | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| GHSA-wvmm-cxmc-39xj Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144. | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| GHSA-cqj3-wx7w-jfx6 When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event This vulnerability affects Firefox < 144. | CVSS3: 6.5 | 0% Низкий | 20 дней назад |
| GHSA-pwc5-5wfj-q75c Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 8.1 | 0% Низкий | 20 дней назад |
 | CVE-2025-11721 Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144. | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11721 Memory safety bug present in Firefox 143 and Thunderbird 143. This bug ... | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11720 The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144. | CVSS3: 8.1 | 0% Низкий | 20 дней назад |
| CVE-2025-11720 The Firefox and Firefox Focus UI for the Android custom tab feature on ... | CVSS3: 8.1 | 0% Низкий | 20 дней назад |
| CVE-2025-11719 Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144. | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11719 Starting in Firefox 143, the use of the native messaging API by web ex ... | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
Уязвимостей на страницу