Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
CVE-2024-11696
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11696
The application failed to account for exceptions thrown by the `loadMa ...
CVE-2024-11695
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11695
A crafted URL containing Arabic script and whitespace characters could ...
CVE-2024-11694
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
CVE-2024-11694
Enhanced Tracking Protection's Strict mode may have inadvertently allo ...
CVE-2024-11693
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11693
The executable file warning was not presented when downloading .librar ...
CVE-2024-11692
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11692
An attacker could cause a select dropdown to be shown over another tab ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2024-11696 The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 5.4 | 0% Низкий | около 1 года назад |
| CVE-2024-11696 The application failed to account for exceptions thrown by the `loadMa ... | CVSS3: 5.4 | 0% Низкий | около 1 года назад |
| CVE-2024-11695 A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 5.4 | 0% Низкий | около 1 года назад |
| CVE-2024-11695 A crafted URL containing Arabic script and whitespace characters could ... | CVSS3: 5.4 | 0% Низкий | около 1 года назад |
| CVE-2024-11694 Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18. | CVSS3: 6.1 | 0% Низкий | около 1 года назад |
| CVE-2024-11694 Enhanced Tracking Protection's Strict mode may have inadvertently allo ... | CVSS3: 6.1 | 0% Низкий | около 1 года назад |
| CVE-2024-11693 The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 9.8 | 0% Низкий | около 1 года назад |
| CVE-2024-11693 The executable file warning was not presented when downloading .librar ... | CVSS3: 9.8 | 0% Низкий | около 1 года назад |
| CVE-2024-11692 An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
| CVE-2024-11692 An attacker could cause a select dropdown to be shown over another tab ... | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу