Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 220

GHSA-9m3j-vpcw-4f37

почти 2 года назад

A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8.

CVSS3: 4.3

EPSS: Низкий

GHSA-w267-2gcr-ggcp

почти 2 года назад

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8.

CVSS3: 7.5

EPSS: Низкий

GHSA-hmqj-rccj-3q53

почти 2 года назад

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123 and Firefox ESR < 115.8.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-1557

почти 2 года назад

Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123.

CVSS3: 8.1

EPSS: Низкий

CVE-2024-1557

почти 2 года назад

Memory safety bugs present in Firefox 122. Some of these bugs showed e ...

CVSS3: 8.1

EPSS: Низкий

CVE-2024-1556

почти 2 года назад

The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-1556

почти 2 года назад

The incorrect object was checked for NULL in the built-in profiler, po ...

CVSS3: 6.5

EPSS: Низкий

CVE-2024-1555

почти 2 года назад

When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.

CVSS3: 8.3

EPSS: Низкий

CVE-2024-1555

почти 2 года назад

When opening a website using the `firefox://` protocol handler, SameSi ...

CVSS3: 8.3

EPSS: Низкий

CVE-2024-1554

почти 2 года назад

The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
GHSA-9m3j-vpcw-4f37 A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8.	CVSS3: 4.3	1% Низкий	почти 2 года назад
GHSA-w267-2gcr-ggcp When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8.	CVSS3: 7.5	1% Низкий	почти 2 года назад
GHSA-hmqj-rccj-3q53 Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123 and Firefox ESR < 115.8.	CVSS3: 6.5	1% Низкий	почти 2 года назад
CVE-2024-1557 Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123.	CVSS3: 8.1	1% Низкий	почти 2 года назад
CVE-2024-1557 Memory safety bugs present in Firefox 122. Some of these bugs showed e ...	CVSS3: 8.1	1% Низкий	почти 2 года назад
CVE-2024-1556 The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123.	CVSS3: 6.5	0% Низкий	почти 2 года назад
CVE-2024-1556 The incorrect object was checked for NULL in the built-in profiler, po ...	CVSS3: 6.5	0% Низкий	почти 2 года назад
CVE-2024-1555 When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.	CVSS3: 8.3	0% Низкий	почти 2 года назад
CVE-2024-1555 When opening a website using the `firefox://` protocol handler, SameSi ...	CVSS3: 8.3	0% Низкий	почти 2 года назад
CVE-2024-1554 The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.	CVSS3: 9.8	0% Низкий	почти 2 года назад

Уязвимостей на страницу