Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 14 768
CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138.
CVE-2025-4086
A specially crafted filename containing a large number of encoded newl ...
CVE-2025-4085
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.
CVE-2025-4085
An attacker with control over a content process could potentially leve ...
CVE-2025-4084
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.
CVE-2025-4084
Due to insufficient escaping of the special characters in the "copy as ...
CVE-2025-4083
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-4083
A process isolation vulnerability in Thunderbird stemmed from improper ...
CVE-2025-4082
Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-4082
Modification of specific WebGL shader attributes could trigger an out- ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2025-4086 A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138. | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
| CVE-2025-4086 A specially crafted filename containing a large number of encoded newl ... | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
| CVE-2025-4085 An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138. | CVSS3: 7.1 | 0% Низкий | 3 месяца назад |
| CVE-2025-4085 An attacker with control over a content process could potentially leve ... | CVSS3: 7.1 | 0% Низкий | 3 месяца назад |
| CVE-2025-4084 Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10. | CVSS3: 5.7 | 0% Низкий | 3 месяца назад |
| CVE-2025-4084 Due to insufficient escaping of the special characters in the "copy as ... | CVSS3: 5.7 | 0% Низкий | 3 месяца назад |
| CVE-2025-4083 A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 9.1 | 0% Низкий | 3 месяца назад |
| CVE-2025-4083 A process isolation vulnerability in Thunderbird stemmed from improper ... | CVSS3: 9.1 | 0% Низкий | 3 месяца назад |
| CVE-2025-4082 Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 5.9 | 0% Низкий | 3 месяца назад |
| CVE-2025-4082 Modification of specific WebGL shader attributes could trigger an out- ... | CVSS3: 5.9 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу