Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014120232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 14 782

nvd логотип

CVE-2025-6431

около 1 месяца назад

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

CVSS3: 6.5
EPSS: Низкий
debian логотип

CVE-2025-6431

около 1 месяца назад

When a link can be opened in an external application, Firefox for Andr ...

CVSS3: 6.5
EPSS: Низкий
nvd логотип

CVE-2025-6430

около 1 месяца назад

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
EPSS: Низкий
debian логотип

CVE-2025-6430

около 1 месяца назад

When a file download is specified via the `Content-Disposition` header ...

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2025-6429

около 1 месяца назад

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.5
EPSS: Низкий
debian логотип

CVE-2025-6429

около 1 месяца назад

Firefox could have incorrectly parsed a URL and rewritten it to the yo ...

CVSS3: 6.5
EPSS: Низкий
nvd логотип

CVE-2025-6428

около 1 месяца назад

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

CVSS3: 4.3
EPSS: Низкий
debian логотип

CVE-2025-6428

около 1 месяца назад

When a URL was provided in a link querystring parameter, Firefox for A ...

CVSS3: 4.3
EPSS: Низкий
nvd логотип

CVE-2025-6427

около 1 месяца назад

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

CVSS3: 9.1
EPSS: Низкий
debian логотип

CVE-2025-6427

около 1 месяца назад

An attacker was able to bypass the `connect-src` directive of a Conten ...

CVSS3: 9.1
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
nvd логотип
CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

CVSS3: 6.5
0%
Низкий
около 1 месяца назад
debian логотип
CVE-2025-6431

When a link can be opened in an external application, Firefox for Andr ...

CVSS3: 6.5
0%
Низкий
около 1 месяца назад
nvd логотип
CVE-2025-6430

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
debian логотип
CVE-2025-6430

When a file download is specified via the `Content-Disposition` header ...

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
nvd логотип
CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.5
0%
Низкий
около 1 месяца назад
debian логотип
CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the yo ...

CVSS3: 6.5
0%
Низкий
около 1 месяца назад
nvd логотип
CVE-2025-6428

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

CVSS3: 4.3
0%
Низкий
около 1 месяца назад
debian логотип
CVE-2025-6428

When a URL was provided in a link querystring parameter, Firefox for A ...

CVSS3: 4.3
0%
Низкий
около 1 месяца назад
nvd логотип
CVE-2025-6427

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

CVSS3: 9.1
0%
Низкий
около 1 месяца назад
debian логотип
CVE-2025-6427

An attacker was able to bypass the `connect-src` directive of a Conten ...

CVSS3: 9.1
0%
Низкий
около 1 месяца назад

Уязвимостей на страницу


Поделиться