Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 046
CVE-2025-11715
Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3 ...
CVE-2025-11714
Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11714
Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, T ...
CVE-2025-11713
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11713
Insufficient escaping in the \u201cCopy as cURL\u201d feature could ha ...
CVE-2025-11712
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11712
A malicious page could have used the type attribute of an OBJECT tag t ...
CVE-2025-11711
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11711
There was a way to change the value of JavaScript Object properties th ...
CVE-2025-11710
A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2025-11715 Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3 ... | CVSS3: 8.8 | 0% Низкий | 20 дней назад |
 | CVE-2025-11714 Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 8.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11714 Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, T ... | CVSS3: 8.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11713 Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 8.1 | 0% Низкий | 20 дней назад |
| CVE-2025-11713 Insufficient escaping in the \u201cCopy as cURL\u201d feature could ha ... | CVSS3: 8.1 | 0% Низкий | 20 дней назад |
| CVE-2025-11712 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 6.1 | 0% Низкий | 20 дней назад |
| CVE-2025-11712 A malicious page could have used the type attribute of an OBJECT tag t ... | CVSS3: 6.1 | 0% Низкий | 20 дней назад |
| CVE-2025-11711 There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 6.5 | 0% Низкий | 20 дней назад |
| CVE-2025-11711 There was a way to change the value of JavaScript Object properties th ... | CVSS3: 6.5 | 0% Низкий | 20 дней назад |
| CVE-2025-11710 A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
Уязвимостей на страницу