Mozilla Firefox: a free browser built on the Gecko engine
Release cycle and vulnerability information
Release schedule
Count: 15 501
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| GHSA-3xch-57qj-5x2p | In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121. | CVSS3: 4.3 | 0% Low | about 2 years ago |
| GHSA-5c8h-j5h5-r8w3 | `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | CVSS3: 6.5 | 0% Low | about 2 years ago |
| GHSA-8fq6-p869-285x | When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | CVSS3: 5.3 | 0% Low | about 2 years ago |
| GHSA-cm9x-r8m9-x222 | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | CVSS3: 8.8 | 0% Low | about 2 years ago |
| GHSA-9f8v-397v-w8c6 | Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121. | CVSS3: 8.8 | 1% Low | about 2 years ago |
| GHSA-96p4-h67r-wqfm | The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | CVSS3: 6.5 | 0% Low | about 2 years ago |
| GHSA-qm6q-r7qr-vxjp | Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121. | CVSS3: 6.5 | 0% Low | about 2 years ago |
| CVE-2023-6873 | Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121. | CVSS3: 8.8 | 1% Low | about 2 years ago |
| CVE-2023-6873 | Memory safety bugs present in Firefox 120. Some of these bugs showed e ... | CVSS3: 8.8 | 1% Low | about 2 years ago |
| CVE-2023-6872 | Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121. | CVSS3: 6.5 | 0% Low | about 2 years ago |