Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 14 599
CVE-2025-5266
Script elements loading cross-origin resources generated load and erro ...
CVE-2025-5266
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
CVE-2025-5265
Due to insufficient escaping of the ampersand character in the \u201cC ...
CVE-2025-5265
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
CVE-2025-5264
Due to insufficient escaping of the newline character in the \u201cCop ...
CVE-2025-5264
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
CVE-2025-5263
Error handling for script execution was incorrectly isolated from web ...
CVE-2025-5263
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
CVE-2025-5263
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
CVE-2025-5267
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2025-5266 Script elements loading cross-origin resources generated load and erro ... | CVSS3: 6.5 | 0% Низкий | 22 дня назад |
 | CVE-2025-5266 Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | CVSS3: 6.5 | 0% Низкий | 22 дня назад |
| CVE-2025-5265 Due to insufficient escaping of the ampersand character in the \u201cC ... | CVSS3: 4.8 | 0% Низкий | 22 дня назад |
| CVE-2025-5265 Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | CVSS3: 4.8 | 0% Низкий | 22 дня назад |
| CVE-2025-5264 Due to insufficient escaping of the newline character in the \u201cCop ... | CVSS3: 4.8 | 0% Низкий | 22 дня назад |
| CVE-2025-5264 Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | CVSS3: 4.8 | 0% Низкий | 22 дня назад |
| CVE-2025-5263 Error handling for script execution was incorrectly isolated from web ... | CVSS3: 4.3 | 0% Низкий | 22 дня назад |
| CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | CVSS3: 4.3 | 0% Низкий | 22 дня назад |
 | CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | CVSS3: 4.3 | 0% Низкий | 22 дня назад |
| CVE-2025-5267 A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | CVSS3: 5.4 | 0% Низкий | 22 дня назад |
Уязвимостей на страницу