Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 225

CVE-2023-4584

около 2 лет назад

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

CVSS3: 8.8

EPSS: Низкий

CVE-2023-4584

около 2 лет назад

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ...

CVSS3: 8.8

EPSS: Низкий

CVE-2023-4583

около 2 лет назад

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVSS3: 7.5

EPSS: Низкий

CVE-2023-4583

около 2 лет назад

When checking if the Browsing Context had been discarded in `HttpBaseC ...

CVSS3: 7.5

EPSS: Низкий

CVE-2023-4582

около 2 лет назад

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVSS3: 8.8

EPSS: Низкий

CVE-2023-4582

около 2 лет назад

Due to large allocation checks in Angle for glsl shaders being too len ...

CVSS3: 8.8

EPSS: Низкий

CVE-2023-4581

около 2 лет назад

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

CVSS3: 4.3

EPSS: Низкий

CVE-2023-4581

около 2 лет назад

Excel `.xll` add-in files did not have a blocklist entry in Firefox's ...

CVSS3: 4.3

EPSS: Низкий

CVE-2023-4580

около 2 лет назад

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVSS3: 6.5

EPSS: Низкий

CVE-2023-4580

около 2 лет назад

Push notifications stored on disk in private browsing mode were not be ...

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2023-4584 Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.	CVSS3: 8.8	0% Низкий	около 2 лет назад
CVE-2023-4584 Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ...	CVSS3: 8.8	0% Низкий	около 2 лет назад
CVE-2023-4583 When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.	CVSS3: 7.5	0% Низкий	около 2 лет назад
CVE-2023-4583 When checking if the Browsing Context had been discarded in `HttpBaseC ...	CVSS3: 7.5	0% Низкий	около 2 лет назад
CVE-2023-4582 Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. This bug only affects Firefox on macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.	CVSS3: 8.8	1% Низкий	около 2 лет назад
CVE-2023-4582 Due to large allocation checks in Angle for glsl shaders being too len ...	CVSS3: 8.8	1% Низкий	около 2 лет назад
CVE-2023-4581 Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.	CVSS3: 4.3	0% Низкий	около 2 лет назад
CVE-2023-4581 Excel `.xll` add-in files did not have a blocklist entry in Firefox's ...	CVSS3: 4.3	0% Низкий	около 2 лет назад
CVE-2023-4580 Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.	CVSS3: 6.5	0% Низкий	около 2 лет назад
CVE-2023-4580 Push notifications stored on disk in private browsing mode were not be ...	CVSS3: 6.5	0% Низкий	около 2 лет назад

Уязвимостей на страницу