Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 220

CVE-2024-29943

больше 1 года назад

An attacker was able to perform an out-of-bounds read or write on a Ja ...

CVSS3: 9.8

EPSS: Средний

CVE-2024-29943

больше 1 года назад

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

CVSS3: 9.8

EPSS: Средний

CVE-2024-29944

больше 1 года назад

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

CVSS3: 8.4

EPSS: Низкий

CVE-2024-29943

больше 1 года назад

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

CVSS3: 8.8

EPSS: Средний

CVE-2024-29944

больше 1 года назад

CVSS3: 8.8

EPSS: Низкий

BDU:2024-02304

больше 1 года назад

Уязвимость браузеров Mozilla Firefox и Firefox ESR, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

CVSS3: 8.8

EPSS: Низкий

BDU:2024-02305

больше 1 года назад

Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

CVSS3: 8.8

EPSS: Средний

GHSA-pwwp-85rf-2286

больше 1 года назад

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

CVSS3: 5.9

EPSS: Низкий

GHSA-g2hf-9hjx-2rxj

больше 1 года назад

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

CVSS3: 6.5

EPSS: Низкий

GHSA-63p7-87m3-8c9v

больше 1 года назад

A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

CVSS3: 5.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2024-29943 An attacker was able to perform an out-of-bounds read or write on a Ja ...	CVSS3: 9.8	53% Средний	больше 1 года назад
CVE-2024-29943 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.	CVSS3: 9.8	53% Средний	больше 1 года назад
CVE-2024-29944 An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.	CVSS3: 8.4	0% Низкий	больше 1 года назад
CVE-2024-29943 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.	CVSS3: 8.8	53% Средний	больше 1 года назад
CVE-2024-29944 An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.	CVSS3: 8.8	0% Низкий	больше 1 года назад
BDU:2024-02304 Уязвимость браузеров Mozilla Firefox и Firefox ESR, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код	CVSS3: 8.8	0% Низкий	больше 1 года назад
BDU:2024-02305 Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании	CVSS3: 8.8	53% Средний	больше 1 года назад
GHSA-pwwp-85rf-2286 An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.	CVSS3: 5.9	0% Низкий	больше 1 года назад
GHSA-g2hf-9hjx-2rxj NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.	CVSS3: 6.5	1% Низкий	больше 1 года назад
GHSA-63p7-87m3-8c9v A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.	CVSS3: 5.5	1% Низкий	больше 1 года назад

Уязвимостей на страницу