Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614720232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 15 501

debian логотип

CVE-2024-26282

почти 2 года назад

Using an AMP url with a canonical element, an attacker could have exec ...

CVSS3: 7.1
EPSS: Низкий
nvd логотип

CVE-2024-26281

почти 2 года назад

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.

CVSS3: 4.7
EPSS: Низкий
debian логотип

CVE-2024-26281

почти 2 года назад

Upon scanning a JavaScript URI with the QR code scanner, an attacker c ...

CVSS3: 4.7
EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2024:0579-1

почти 2 года назад

Security update for mozilla-nss

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2024:0578-1

почти 2 года назад

Security update for mozilla-nss

EPSS: Низкий
github логотип

GHSA-wp8h-p32h-fwvc

почти 2 года назад

The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-gqrh-wgmr-mm7v

почти 2 года назад

The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-8q5j-74vg-j4hr

почти 2 года назад

A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-j6qq-7xp7-c5p5

почти 2 года назад

When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.

CVSS3: 8.3
EPSS: Низкий
github логотип

GHSA-625h-2cj8-8g77

почти 2 года назад

Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123.

CVSS3: 8.1
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
debian логотип
CVE-2024-26282

Using an AMP url with a canonical element, an attacker could have exec ...

CVSS3: 7.1
0%
Низкий
почти 2 года назад
nvd логотип
CVE-2024-26281

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.

CVSS3: 4.7
0%
Низкий
почти 2 года назад
debian логотип
CVE-2024-26281

Upon scanning a JavaScript URI with the QR code scanner, an attacker c ...

CVSS3: 4.7
0%
Низкий
почти 2 года назад
suse-cvrf логотип
SUSE-SU-2024:0579-1

Security update for mozilla-nss

0%
Низкий
почти 2 года назад
suse-cvrf логотип
SUSE-SU-2024:0578-1

Security update for mozilla-nss

0%
Низкий
почти 2 года назад
github логотип
GHSA-wp8h-p32h-fwvc

The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123.

CVSS3: 6.5
0%
Низкий
почти 2 года назад
github логотип
GHSA-gqrh-wgmr-mm7v

The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.

CVSS3: 9.8
0%
Низкий
почти 2 года назад
github логотип
GHSA-8q5j-74vg-j4hr

A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8.

CVSS3: 6.1
0%
Низкий
почти 2 года назад
github логотип
GHSA-j6qq-7xp7-c5p5

When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.

CVSS3: 8.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-625h-2cj8-8g77

Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123.

CVSS3: 8.1
1%
Низкий
почти 2 года назад

Уязвимостей на страницу


Поделиться