Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 236

CVE-2023-23598

больше 2 лет назад

Due to the Firefox GTK wrapper code's use of text/plain for drag data ...

CVSS3: 6.5

EPSS: Низкий

CVE-2023-23597

больше 2 лет назад

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.

CVSS3: 6.5

EPSS: Низкий

CVE-2023-23597

больше 2 лет назад

A compromised web child process could disable web security opening res ...

CVSS3: 6.5

EPSS: Низкий

CVE-2023-0767

больше 2 лет назад

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8

EPSS: Низкий

CVE-2023-0767

больше 2 лет назад

An attacker could construct a PKCS 12 cert bundle in such a way that c ...

CVSS3: 8.8

EPSS: Низкий

CVE-2023-23602

больше 2 лет назад

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.

CVSS3: 6.5

EPSS: Низкий

CVE-2023-32206

больше 2 лет назад

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 6.5

EPSS: Низкий

CVE-2023-29543

больше 2 лет назад

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVSS3: 8.8

EPSS: Низкий

CVE-2023-29551

больше 2 лет назад

Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVSS3: 8.8

EPSS: Низкий

CVE-2023-25751

больше 2 лет назад

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2023-23598 Due to the Firefox GTK wrapper code's use of text/plain for drag data ...	CVSS3: 6.5	0% Низкий	больше 2 лет назад
CVE-2023-23597 A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.	CVSS3: 6.5	0% Низкий	больше 2 лет назад
CVE-2023-23597 A compromised web child process could disable web security opening res ...	CVSS3: 6.5	0% Низкий	больше 2 лет назад
CVE-2023-0767 An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	CVSS3: 8.8	0% Низкий	больше 2 лет назад
CVE-2023-0767 An attacker could construct a PKCS 12 cert bundle in such a way that c ...	CVSS3: 8.8	0% Низкий	больше 2 лет назад
CVE-2023-23602 A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	CVSS3: 6.5	0% Низкий	больше 2 лет назад
CVE-2023-32206 An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	CVSS3: 6.5	0% Низкий	больше 2 лет назад
CVE-2023-29543 An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	CVSS3: 8.8	0% Низкий	больше 2 лет назад
CVE-2023-29551 Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	CVSS3: 8.8	0% Низкий	больше 2 лет назад
CVE-2023-25751 Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.	CVSS3: 6.5	0% Низкий	больше 2 лет назад

Уязвимостей на страницу