Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 14 782
BDU:2025-06016
Уязвимость обработчика JavaScript-сценариев браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2025-06048
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2025-06658
Уязвимость объекта JavaScript "Promise" браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю выполнить произвольный код
SUSE-SU-2025:1414-1
Security update for MozillaFirefox
GHSA-jgr2-rf9j-5fh3
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10.
GHSA-vvxh-6r52-hj35
A security vulnerability in Firefox allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.
GHSA-f4pj-f2qw-57cr
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138.
GHSA-63pj-8c5p-x939
A vulnerability existed in Firefox for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138.
GHSA-jv2r-997x-hv7m
Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138.
GHSA-8hvc-6h7p-6mcf
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-06016 Уязвимость обработчика JavaScript-сценариев браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании | CVSS3: 8.8 | 0% Низкий | 3 месяца назад |
| BDU:2025-06048 Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 0% Низкий | 3 месяца назад |
| BDU:2025-06658 Уязвимость объекта JavaScript "Promise" браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 3 месяца назад | |
 | SUSE-SU-2025:1414-1 Security update for MozillaFirefox | 0% Низкий | 3 месяца назад | |
| GHSA-jgr2-rf9j-5fh3 Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10. | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
| GHSA-vvxh-6r52-hj35 A security vulnerability in Firefox allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138. | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
| GHSA-f4pj-f2qw-57cr Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138. | CVSS3: 5.1 | 0% Низкий | 3 месяца назад |
| GHSA-63pj-8c5p-x939 A vulnerability existed in Firefox for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138. | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
| GHSA-jv2r-997x-hv7m Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138. | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
| GHSA-8hvc-6h7p-6mcf An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138. | CVSS3: 7.1 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу