Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 156
CVE-2024-6613
The frame iterator could get stuck in a loop when encountering certain ...
CVE-2024-6612
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6612
CSP violations generated links in the console tab of the developer too ...
CVE-2024-6611
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6611
A nested iframe, triggering a cross-site navigation, could send SameSi ...
CVE-2024-6610
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6610
Form validation popups could capture escape key presses. Therefore, sp ...
CVE-2024-6609
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6609
When almost out-of-memory an elliptic curve key which was never alloca ...
CVE-2024-6608
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2024-6613 The frame iterator could get stuck in a loop when encountering certain ... | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-6612 CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-6612 CSP violations generated links in the console tab of the developer too ... | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-6611 A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128. | CVSS3: 9.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-6611 A nested iframe, triggering a cross-site navigation, could send SameSi ... | CVSS3: 9.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-6610 Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-6610 Form validation popups could capture escape key presses. Therefore, sp ... | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-6609 When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-6609 When almost out-of-memory an elliptic curve key which was never alloca ... | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-6608 It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу