Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
GHSA-w694-6mxx-38mc
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.
GHSA-38mm-6p5m-rh38
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
GHSA-x4vx-jp8h-mrcx
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
GHSA-vgc7-vqc6-2858
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
GHSA-fffc-4hjp-2r9v
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-4778
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.
CVE-2024-4778
Memory safety bugs present in Firefox 125. Some of these bugs showed e ...
CVE-2024-4777
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-4777
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ...
CVE-2024-4776
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-w694-6mxx-38mc A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126. | CVSS3: 8.6 | 1% Низкий | больше 1 года назад |
| GHSA-38mm-6p5m-rh38 A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126. | CVSS3: 8.2 | 1% Низкий | больше 1 года назад |
| GHSA-x4vx-jp8h-mrcx Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| GHSA-vgc7-vqc6-2858 When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | CVSS3: 5.9 | 1% Низкий | больше 1 года назад |
| GHSA-fffc-4hjp-2r9v If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | CVSS3: 4.3 | 1% Низкий | больше 1 года назад |
 | CVE-2024-4778 Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126. | CVSS3: 9.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-4778 Memory safety bugs present in Firefox 125. Some of these bugs showed e ... | CVSS3: 9.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-4777 Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | CVSS3: 8.8 | 1% Низкий | больше 1 года назад |
| CVE-2024-4777 Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ... | CVSS3: 8.8 | 1% Низкий | больше 1 года назад |
| CVE-2024-4776 A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126. | CVSS3: 8.2 | 1% Низкий | больше 1 года назад |
Уязвимостей на страницу