Mozilla Firefox

Mozilla Firefox is a free browser built on the Gecko engine.

Release cycle, vulnerability information

Product: Mozilla Firefox
Vendor: mozilla

Release schedule

[Chart: release timeline for Firefox versions 115 to 147, years 2023 to 2027]

Recent Mozilla Firefox vulnerabilities

Count: 15,501


GHSA-cxxg-52f9-f5mj

more than 2 years ago

A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVSS3: 4.3
EPSS: Low

GHSA-3cw5-74j7-6q4r

more than 2 years ago

Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.

CVSS3: 5.3
EPSS: Low

GHSA-52cj-9wxr-xfhp

more than 2 years ago

A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.

CVSS3: 4.3
EPSS: Low

GHSA-fpp8-6gxj-v3pg

more than 2 years ago

When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.

CVSS3: 6.1
EPSS: Low

GHSA-7mjf-v629-m8hm

more than 2 years ago

An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.

CVSS3: 5.3
EPSS: Low

GHSA-cw53-7m4g-22j6

more than 2 years ago

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVSS3: 4.3
EPSS: Low

GHSA-p85h-gwrr-6mrj

more than 2 years ago

An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVSS3: 6.5
EPSS: Low

GHSA-3qmg-867g-8xrq

more than 2 years ago

During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVSS3: 7.5
EPSS: Low

GHSA-hhqg-994q-93m3

more than 2 years ago

Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVSS3: 7.5
EPSS: Low

GHSA-5c37-6j7c-hr7x

more than 2 years ago

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVSS3: 6.5
EPSS: Low

| Vulnerability | CVSS3 | EPSS | Published |
| --- | --- | --- | --- |
| GHSA-cxxg-52f9-f5mj | 4.3 | 0% (Low) | more than 2 years ago |
| GHSA-3cw5-74j7-6q4r | 5.3 | 0% (Low) | more than 2 years ago |
| GHSA-52cj-9wxr-xfhp | 4.3 | 0% (Low) | more than 2 years ago |
| GHSA-fpp8-6gxj-v3pg | 6.1 | 0% (Low) | more than 2 years ago |
| GHSA-7mjf-v629-m8hm | 5.3 | 0% (Low) | more than 2 years ago |
| GHSA-cw53-7m4g-22j6 | 4.3 | 0% (Low) | more than 2 years ago |
| GHSA-p85h-gwrr-6mrj | 6.5 | 0% (Low) | more than 2 years ago |
| GHSA-3qmg-867g-8xrq | 7.5 | 1% (Low) | more than 2 years ago |
| GHSA-hhqg-994q-93m3 | 7.5 | 1% (Low) | more than 2 years ago |
| GHSA-5c37-6j7c-hr7x | 6.5 | 0% (Low) | more than 2 years ago |