Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
CVE-2025-11716
Links in a sandboxed iframe could open an external app on Android with ...
CVE-2025-11715
Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11715
Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3 ...
CVE-2025-11714
Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11714
Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, T ...
CVE-2025-11713
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11713
Insufficient escaping in the \u201cCopy as cURL\u201d feature could ha ...
CVE-2025-11712
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11712
A malicious page could have used the type attribute of an OBJECT tag t ...
CVE-2025-11711
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2025-11716 Links in a sandboxed iframe could open an external app on Android with ... | CVSS3: 6.5 | 0% Низкий | 4 месяца назад |
 | CVE-2025-11715 Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 8.8 | 0% Низкий | 4 месяца назад |
| CVE-2025-11715 Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3 ... | CVSS3: 8.8 | 0% Низкий | 4 месяца назад |
| CVE-2025-11714 Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 8.8 | 0% Низкий | 4 месяца назад |
| CVE-2025-11714 Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, T ... | CVSS3: 8.8 | 0% Низкий | 4 месяца назад |
| CVE-2025-11713 Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 8.1 | 0% Низкий | 4 месяца назад |
| CVE-2025-11713 Insufficient escaping in the \u201cCopy as cURL\u201d feature could ha ... | CVSS3: 8.1 | 0% Низкий | 4 месяца назад |
| CVE-2025-11712 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 6.1 | 0% Низкий | 4 месяца назад |
| CVE-2025-11712 A malicious page could have used the type attribute of an OBJECT tag t ... | CVSS3: 6.1 | 0% Низкий | 4 месяца назад |
| CVE-2025-11711 There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 6.5 | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу