Mozilla Firefox is a free browser built on the Gecko engine
Release cycle, vulnerability information
Release schedule
Count 15 225
CVE-2023-4579
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.
CVE-2023-4578
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
CVE-2023-4577
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
CVE-2023-4576
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
CVE-2023-4575
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-4579 Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117. | CVSS3: 3.1 | 0% Low | about 2 years ago |
| CVE-2023-4578 When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | CVSS3: 6.5 | 0% Low | about 2 years ago |
| CVE-2023-4577 When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | CVSS3: 6.5 | 0% Low | about 2 years ago |
| CVE-2023-4576 On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | CVSS3: 8.6 | 0% Low | about 2 years ago |
| CVE-2023-4575 When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | CVSS3: 6.5 | 0% Low | about 2 years ago |