Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 151

CVE-2025-8032

4 месяца назад

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 8.1

EPSS: Низкий

CVE-2025-8031

4 месяца назад

The `username:password` part was not correctly stripped from URLs in C ...

CVSS3: 9.8

EPSS: Низкий

CVE-2025-8031

4 месяца назад

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 9.8

EPSS: Низкий

CVE-2025-8030

4 месяца назад

Insufficient escaping in the \u201cCopy as cURL\u201d feature could po ...

CVSS3: 8.1

EPSS: Низкий

CVE-2025-8030

4 месяца назад

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 8.1

EPSS: Низкий

CVE-2025-8029

4 месяца назад

Thunderbird executed `javascript:` URLs when used in `object` and `emb ...

CVSS3: 8.1

EPSS: Низкий

CVE-2025-8029

4 месяца назад

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 8.1

EPSS: Низкий

CVE-2025-8028

4 месяца назад

On arm64, a WASM `br_table` instruction with a lot of entries could le ...

CVSS3: 9.8

EPSS: Низкий

CVE-2025-8028

4 месяца назад

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 9.8

EPSS: Низкий

CVE-2025-8027

4 месяца назад

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit ret ...

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2025-8032 XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 8.1	0% Низкий	4 месяца назад
CVE-2025-8031 The `username:password` part was not correctly stripped from URLs in C ...	CVSS3: 9.8	0% Низкий	4 месяца назад
CVE-2025-8031 The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 9.8	0% Низкий	4 месяца назад
CVE-2025-8030 Insufficient escaping in the \u201cCopy as cURL\u201d feature could po ...	CVSS3: 8.1	0% Низкий	4 месяца назад
CVE-2025-8030 Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 8.1	0% Низкий	4 месяца назад
CVE-2025-8029 Thunderbird executed `javascript:` URLs when used in `object` and `emb ...	CVSS3: 8.1	0% Низкий	4 месяца назад
CVE-2025-8029 Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 8.1	0% Низкий	4 месяца назад
CVE-2025-8028 On arm64, a WASM `br_table` instruction with a lot of entries could le ...	CVSS3: 9.8	0% Низкий	4 месяца назад
CVE-2025-8028 On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 9.8	0% Низкий	4 месяца назад
CVE-2025-8027 On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit ret ...	CVSS3: 6.5	0% Низкий	4 месяца назад

Уязвимостей на страницу