Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 225
CVE-2023-29542
A newline in a filename could have been used to bypass the file extens ...
CVE-2023-29534
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
CVE-2023-29534
Different techniques existed to obscure the fullscreen notification in ...
CVE-2023-25747
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0.
CVE-2023-25747
A potential use-after-free in libaudio was fixed by disabling the AAud ...
CVE-2023-25736
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.
CVE-2023-25736
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have l ...
CVE-2023-25733
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.
CVE-2023-25733
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being ver ...
CVE-2019-25136
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2023-29542 A newline in a filename could have been used to bypass the file extens ... | CVSS3: 9.8 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-29534 Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. | CVSS3: 9.1 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29534 Different techniques existed to obscure the fullscreen notification in ... | CVSS3: 9.1 | 0% Низкий | больше 2 лет назад |
| CVE-2023-25747 A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-25747 A potential use-after-free in libaudio was fixed by disabling the AAud ... | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-25736 An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110. | CVSS3: 9.8 | 0% Низкий | больше 2 лет назад |
| CVE-2023-25736 An invalid downcast from `nsHTMLDocument` to `nsIContent` could have l ... | CVSS3: 9.8 | 0% Низкий | больше 2 лет назад |
| CVE-2023-25733 The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-25733 The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being ver ... | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| CVE-2019-25136 A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. | CVSS3: 10 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу