Mozilla Firefox — свободный браузер на движке Gecko

After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110.

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Mozilla developers and community members Gabriele Svelto, Andrew Osmon ...

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

When reading a file, an uninitialized value could have been used as re ...

An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

An attacker could have positioned a `datalist` element to obscure the ...

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

A type checking bug would have led to invalid code being compiled. Thi ...

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.