Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

GHSA-4jp9-q9g7-48gr

около 1 года назад

When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

CVSS3: 8.8

EPSS: Низкий

GHSA-53mx-8hhc-gmp3

около 1 года назад

An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.

CVSS3: 8.8

EPSS: Низкий

GHSA-qxf6-g9x3-8w74

около 1 года назад

The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

CVSS3: 9.8

EPSS: Низкий

GHSA-cpxj-fx45-9pgm

около 1 года назад

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

CVSS3: 4.3

EPSS: Низкий

CVE-2024-53976

около 1 года назад

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.

CVSS3: 5.4

EPSS: Низкий

CVE-2024-53976

около 1 года назад

Under certain circumstances, navigating to a webpage would result in t ...

CVSS3: 5.4

EPSS: Низкий

CVE-2024-53975

около 1 года назад

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.

CVSS3: 5.4

EPSS: Низкий

CVE-2024-53975

около 1 года назад

Accessing a non-secure HTTP site that uses a non-existent port may cau ...

CVSS3: 5.4

EPSS: Низкий

CVE-2024-11708

около 1 года назад

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-11708

около 1 года назад

Missing thread synchronization primitives could have led to a data rac ...

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
GHSA-4jp9-q9g7-48gr When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.	CVSS3: 8.8	0% Низкий	около 1 года назад
GHSA-53mx-8hhc-gmp3 An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw. Note: This issue only affected macOS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.	CVSS3: 8.8	0% Низкий	около 1 года назад
GHSA-qxf6-g9x3-8w74 The executable file warning was not presented when downloading .library-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.	CVSS3: 9.8	0% Низкий	около 1 года назад
GHSA-cpxj-fx45-9pgm An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.	CVSS3: 4.3	0% Низкий	около 1 года назад
CVE-2024-53976 Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.	CVSS3: 5.4	0% Низкий	около 1 года назад
CVE-2024-53976 Under certain circumstances, navigating to a webpage would result in t ...	CVSS3: 5.4	0% Низкий	около 1 года назад
CVE-2024-53975 Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.	CVSS3: 5.4	0% Низкий	около 1 года назад
CVE-2024-53975 Accessing a non-secure HTTP site that uses a non-existent port may cau ...	CVSS3: 5.4	0% Низкий	около 1 года назад
CVE-2024-11708 Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.	CVSS3: 6.5	0% Низкий	около 1 года назад
CVE-2024-11708 Missing thread synchronization primitives could have led to a data rac ...	CVSS3: 6.5	0% Низкий	около 1 года назад

Уязвимостей на страницу