Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 220
GHSA-vgc7-vqc6-2858
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
GHSA-rqmx-jjch-gmgj
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.
GHSA-vp32-xxhm-ppgv
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
GHSA-x4vx-jp8h-mrcx
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
GHSA-38mm-6p5m-rh38
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
GHSA-fffc-4hjp-2r9v
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
GHSA-7ggp-cp85-r5cg
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
GHSA-w694-6mxx-38mc
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.
GHSA-64f6-885c-52vw
An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126.
GHSA-36cp-x9pq-r87w
The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-vgc7-vqc6-2858 When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | CVSS3: 5.9 | 0% Низкий | больше 1 года назад |
| GHSA-rqmx-jjch-gmgj Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126. | CVSS3: 9.8 | 0% Низкий | больше 1 года назад |
| GHSA-vp32-xxhm-ppgv Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126. | CVSS3: 8.1 | 0% Низкий | больше 1 года назад |
| GHSA-x4vx-jp8h-mrcx Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| GHSA-38mm-6p5m-rh38 A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126. | CVSS3: 8.2 | 1% Низкий | больше 1 года назад |
| GHSA-fffc-4hjp-2r9v If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | CVSS3: 4.3 | 1% Низкий | больше 1 года назад |
| GHSA-7ggp-cp85-r5cg When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | CVSS3: 8.8 | 1% Низкий | больше 1 года назад |
| GHSA-w694-6mxx-38mc A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126. | CVSS3: 8.6 | 1% Низкий | больше 1 года назад |
| GHSA-64f6-885c-52vw An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126. | CVSS3: 5.9 | 0% Низкий | больше 1 года назад |
| GHSA-36cp-x9pq-r87w The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126. | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу