Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2024-10459

больше 1 года назад

An attacker could have caused a use-after-free when accessibility was ...

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10458

больше 1 года назад

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10458

больше 1 года назад

A permission leak could have occurred from a trusted site to an untrus ...

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10461

больше 1 года назад

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 6.1

EPSS: Низкий

CVE-2024-10462

больше 1 года назад

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-10460

больше 1 года назад

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 5.3

EPSS: Низкий

CVE-2024-10466

больше 1 года назад

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10459

больше 1 года назад

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10467

больше 1 года назад

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 8.8

EPSS: Низкий

CVE-2024-10468

больше 1 года назад

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.

CVSS3: 5.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2024-10459 An attacker could have caused a use-after-free when accessibility was ...	CVSS3: 7.5	1% Низкий	больше 1 года назад
CVE-2024-10458 A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 7.5	0% Низкий	больше 1 года назад
CVE-2024-10458 A permission leak could have occurred from a trusted site to an untrus ...	CVSS3: 7.5	0% Низкий	больше 1 года назад
CVE-2024-10461 In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 6.1	1% Низкий	больше 1 года назад
CVE-2024-10462 Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 6.5	1% Низкий	больше 1 года назад
CVE-2024-10460 The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 5.3	0% Низкий	больше 1 года назад
CVE-2024-10466 By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 7.5	1% Низкий	больше 1 года назад
CVE-2024-10459 An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 7.5	1% Низкий	больше 1 года назад
CVE-2024-10467 Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 8.8	1% Низкий	больше 1 года назад
CVE-2024-10468 Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.	CVSS3: 5.3	0% Низкий	больше 1 года назад

Уязвимостей на страницу