Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 225
CVE-2023-29541
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
CVE-2023-29541
Firefox did not properly handle downloads of files ending in <code>.de ...
CVE-2023-29540
Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-29540
Using a redirect embedded into <code>sourceMappingUrls</code> could al ...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
CVE-2023-29539
When handling the filename directive in the Content-Disposition header ...
CVE-2023-29538
Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-29538
Under specific circumstances a WebExtension may have received a <code> ...
CVE-2023-29537
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-29537
Multiple race conditions in the font initialization could have led to ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-29541 Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29541 Firefox did not properly handle downloads of files ending in <code>.de ... | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29540 Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | CVSS3: 6.1 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29540 Using a redirect embedded into <code>sourceMappingUrls</code> could al ... | CVSS3: 6.1 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29539 When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29539 When handling the filename directive in the Content-Disposition header ... | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29538 Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29538 Under specific circumstances a WebExtension may have received a <code> ... | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29537 Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-29537 Multiple race conditions in the font initialization could have led to ... | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу