Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
CVE-2024-10464
Repeated writes to history interface attributes could have been used t ...
CVE-2024-10463
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10463
Video frames could have been leaked between origins in some situations ...
CVE-2024-10462
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10462
Truncation of a long URL could have allowed origin spoofing in a permi ...
CVE-2024-10461
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10461
In multipart/x-mixed-replace responses, `Content-Disposition: attachme ...
CVE-2024-10460
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10460
The origin of an external protocol handler prompt could have been obsc ...
CVE-2024-10459
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2024-10464 Repeated writes to history interface attributes could have been used t ... | CVSS3: 6.5 | 1% Низкий | больше 1 года назад |
 | CVE-2024-10463 Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| CVE-2024-10463 Video frames could have been leaked between origins in some situations ... | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| CVE-2024-10462 Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | CVSS3: 6.5 | 1% Низкий | больше 1 года назад |
| CVE-2024-10462 Truncation of a long URL could have allowed origin spoofing in a permi ... | CVSS3: 6.5 | 1% Низкий | больше 1 года назад |
| CVE-2024-10461 In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
| CVE-2024-10461 In multipart/x-mixed-replace responses, `Content-Disposition: attachme ... | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
| CVE-2024-10460 The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-10460 The origin of an external protocol handler prompt could have been obsc ... | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-10459 An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. | CVSS3: 7.5 | 1% Низкий | больше 1 года назад |
Уязвимостей на страницу