Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614720232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 15 491

debian логотип

CVE-2025-0238

около 1 года назад

Assuming a controlled failed memory allocation, an attacker could have ...

CVSS3: 5.3
EPSS: Низкий
nvd логотип

CVE-2025-0237

около 1 года назад

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 5.4
EPSS: Низкий
debian логотип

CVE-2025-0237

около 1 года назад

The WebChannel API, which is used to transport various information acr ...

CVSS3: 5.4
EPSS: Низкий
ubuntu логотип

CVE-2025-0247

около 1 года назад

Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.

CVSS3: 9.8
EPSS: Низкий
ubuntu логотип

CVE-2025-0240

около 1 года назад

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 4
EPSS: Низкий
ubuntu логотип

CVE-2025-0238

около 1 года назад

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 5.3
EPSS: Низкий
ubuntu логотип

CVE-2025-0241

около 1 года назад

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 7.7
EPSS: Низкий
ubuntu логотип

CVE-2025-0239

около 1 года назад

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 4
EPSS: Низкий
ubuntu логотип

CVE-2025-0244

около 1 года назад

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134.

CVSS3: 5.3
EPSS: Низкий
ubuntu логотип

CVE-2025-0243

около 1 года назад

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 5.1
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
debian логотип
CVE-2025-0238

Assuming a controlled failed memory allocation, an attacker could have ...

CVSS3: 5.3
0%
Низкий
около 1 года назад
nvd логотип
CVE-2025-0237

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 5.4
0%
Низкий
около 1 года назад
debian логотип
CVE-2025-0237

The WebChannel API, which is used to transport various information acr ...

CVSS3: 5.4
0%
Низкий
около 1 года назад
ubuntu логотип
CVE-2025-0247

Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.

CVSS3: 9.8
1%
Низкий
около 1 года назад
ubuntu логотип
CVE-2025-0240

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 4
0%
Низкий
около 1 года назад
ubuntu логотип
CVE-2025-0238

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 5.3
0%
Низкий
около 1 года назад
ubuntu логотип
CVE-2025-0241

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 7.7
1%
Низкий
около 1 года назад
ubuntu логотип
CVE-2025-0239

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 4
0%
Низкий
около 1 года назад
ubuntu логотип
CVE-2025-0244

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134.

CVSS3: 5.3
0%
Низкий
около 1 года назад
ubuntu логотип
CVE-2025-0243

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 5.1
0%
Низкий
около 1 года назад

Уязвимостей на страницу


Поделиться