Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2023-6856

около 2 лет назад

The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...

CVSS3: 8.8

EPSS: Средний

CVE-2023-6135

около 2 лет назад

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

CVSS3: 4.3

EPSS: Низкий

CVE-2023-6135

около 2 лет назад

Multiple NSS NIST curves were susceptible to a side-channel attack kno ...

CVSS3: 4.3

EPSS: Низкий

CVE-2023-6866

около 2 лет назад

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.

CVSS3: 8.8

EPSS: Низкий

CVE-2023-6858

около 2 лет назад

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

CVSS3: 8.8

EPSS: Низкий

CVE-2023-6856

около 2 лет назад

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

CVSS3: 8.8

EPSS: Средний

CVE-2023-6872

около 2 лет назад

Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121.

CVSS3: 6.5

EPSS: Низкий

CVE-2023-6860

около 2 лет назад

The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

CVSS3: 6.5

EPSS: Низкий

CVE-2023-6869

около 2 лет назад

A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.

CVSS3: 6.5

EPSS: Низкий

CVE-2023-6857

около 2 лет назад

When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

CVSS3: 5.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2023-6856 The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...	CVSS3: 8.8	12% Средний	около 2 лет назад
CVE-2023-6135 Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.	CVSS3: 4.3	0% Низкий	около 2 лет назад
CVE-2023-6135 Multiple NSS NIST curves were susceptible to a side-channel attack kno ...	CVSS3: 4.3	0% Низкий	около 2 лет назад
CVE-2023-6866 TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.	CVSS3: 8.8	1% Низкий	около 2 лет назад
CVE-2023-6858 Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.	CVSS3: 8.8	0% Низкий	около 2 лет назад
CVE-2023-6856 The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.	CVSS3: 8.8	12% Средний	около 2 лет назад
CVE-2023-6872 Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121.	CVSS3: 6.5	0% Низкий	около 2 лет назад
CVE-2023-6860 The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.	CVSS3: 6.5	0% Низкий	около 2 лет назад
CVE-2023-6869 A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.	CVSS3: 6.5	0% Низкий	около 2 лет назад
CVE-2023-6857 When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.	CVSS3: 5.3	0% Низкий	около 2 лет назад

Уязвимостей на страницу