Mozilla Firefox — свободный браузер на движке Gecko

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, and Firefox ESR < 115.19.

Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.

Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of ...

When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.

When using an invalid protocol scheme, an attacker could spoof the add ...

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

Under certain circumstances, a user opt-in setting that Focus should r ...

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134.

When redirecting to an invalid protocol scheme, an attacker could spoo ...

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.