Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 156

CVE-2024-8388

около 1 года назад

Multiple prompts and panels from both Firefox and the Android OS could ...

CVSS3: 5.3

EPSS: Низкий

CVE-2024-8387

около 1 года назад

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

CVSS3: 9.8

EPSS: Низкий

CVE-2024-8387

около 1 года назад

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thun ...

CVSS3: 9.8

EPSS: Низкий

CVE-2024-8386

около 1 года назад

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

CVSS3: 6.1

EPSS: Низкий

CVE-2024-8386

около 1 года назад

If a site had been granted the permission to open popup windows, it co ...

CVSS3: 6.1

EPSS: Низкий

CVE-2024-8385

около 1 года назад

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

CVSS3: 9.8

EPSS: Низкий

CVE-2024-8385

около 1 года назад

A difference in the handling of StructFields and ArrayTypes in WASM co ...

CVSS3: 9.8

EPSS: Низкий

CVE-2024-8384

около 1 года назад

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

CVSS3: 9.8

EPSS: Низкий

CVE-2024-8384

около 1 года назад

The JavaScript garbage collector could mis-color cross-compartment obj ...

CVSS3: 9.8

EPSS: Низкий

CVE-2024-8383

около 1 года назад

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2024-8388 Multiple prompts and panels from both Firefox and the Android OS could ...	CVSS3: 5.3	1% Низкий	около 1 года назад
CVE-2024-8387 Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.	CVSS3: 9.8	0% Низкий	около 1 года назад
CVE-2024-8387 Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thun ...	CVSS3: 9.8	0% Низкий	около 1 года назад
CVE-2024-8386 If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.	CVSS3: 6.1	0% Низкий	около 1 года назад
CVE-2024-8386 If a site had been granted the permission to open popup windows, it co ...	CVSS3: 6.1	0% Низкий	около 1 года назад
CVE-2024-8385 A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.	CVSS3: 9.8	0% Низкий	около 1 года назад
CVE-2024-8385 A difference in the handling of StructFields and ArrayTypes in WASM co ...	CVSS3: 9.8	0% Низкий	около 1 года назад
CVE-2024-8384 The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.	CVSS3: 9.8	0% Низкий	около 1 года назад
CVE-2024-8384 The JavaScript garbage collector could mis-color cross-compartment obj ...	CVSS3: 9.8	0% Низкий	около 1 года назад
CVE-2024-8383 Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.	CVSS3: 7.5	0% Низкий	около 1 года назад

Уязвимостей на страницу