Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 151

CVE-2025-8037

4 месяца назад

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 9.1

EPSS: Низкий

CVE-2025-8036

4 месяца назад

Thunderbird cached CORS preflight responses across IP address changes. ...

CVSS3: 8.1

EPSS: Низкий

CVE-2025-8036

4 месяца назад

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 8.1

EPSS: Низкий

CVE-2025-8035

4 месяца назад

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128. ...

CVSS3: 8.8

EPSS: Низкий

CVE-2025-8035

4 месяца назад

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 8.8

EPSS: Низкий

CVE-2025-8034

4 месяца назад

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, ...

CVSS3: 8.8

EPSS: Низкий

CVE-2025-8034

4 месяца назад

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 8.8

EPSS: Низкий

CVE-2025-8033

4 месяца назад

The JavaScript engine did not handle closed generators correctly and i ...

CVSS3: 6.5

EPSS: Низкий

CVE-2025-8033

4 месяца назад

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 6.5

EPSS: Низкий

CVE-2025-8032

4 месяца назад

XSLT document loading did not correctly propagate the source document ...

CVSS3: 8.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2025-8037 Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.	CVSS3: 9.1	0% Низкий	4 месяца назад
CVE-2025-8036 Thunderbird cached CORS preflight responses across IP address changes. ...	CVSS3: 8.1	0% Низкий	4 месяца назад
CVE-2025-8036 Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.	CVSS3: 8.1	0% Низкий	4 месяца назад
CVE-2025-8035 Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128. ...	CVSS3: 8.8	0% Низкий	4 месяца назад
CVE-2025-8035 Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 8.8	0% Низкий	4 месяца назад
CVE-2025-8034 Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, ...	CVSS3: 8.8	0% Низкий	4 месяца назад
CVE-2025-8034 Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 8.8	0% Низкий	4 месяца назад
CVE-2025-8033 The JavaScript engine did not handle closed generators correctly and i ...	CVSS3: 6.5	0% Низкий	4 месяца назад
CVE-2025-8033 The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 6.5	0% Низкий	4 месяца назад
CVE-2025-8032 XSLT document loading did not correctly propagate the source document ...	CVSS3: 8.1	0% Низкий	4 месяца назад

Уязвимостей на страницу