Mozilla Firefox: a free browser built on the Gecko engine
Release cycle, vulnerability information
Release schedule
Count: 15,236
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| GHSA-rr3f-gjw6-5522 | Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | CVSS3: 8.8 | 0% (Low) | almost 3 years ago |
| GHSA-jqvp-m2qw-c439 | Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | CVSS3: 6.5 | 0% (Low) | almost 3 years ago |
| GHSA-3f36-r4c3-hh86 | The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. | CVSS3: 9.8 | 0% (Low) | almost 3 years ago |
| GHSA-mhvm-x9qg-34cw | If a user installed an extension of a particular type, the extension could have auto-updated itself and, while doing so, bypassed the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | CVSS3: 6.5 | 0% (Low) | almost 3 years ago |
| GHSA-5mgf-9mwf-m64w | Internal URLs are protected by a secret UUID key, which could have been leaked to a web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. | CVSS3: 6.5 | 0% (Low) | almost 3 years ago |
| GHSA-g34x-fm45-8xww | An iframe that was not permitted to run scripts could do so if the user clicked on a `javascript:` link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | CVSS3: 8.8 | 0% (Low) | almost 3 years ago |
| GHSA-fv4x-hrpq-wqgp | Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | CVSS3: 6.5 | 0% (Low) | almost 3 years ago |
| GHSA-p5h8-cwcq-q5g2 | An attacker could have injected CSS into stylesheets accessible via internal URIs, such as `resource:`, and in doing so bypassed a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101. | CVSS3: 6.5 | 0% (Low) | almost 3 years ago |
| GHSA-rf5c-p2xm-2r64 | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 100. | CVSS3: 8.8 | 0% (Low) | almost 3 years ago |
| GHSA-h8wm-ccrj-94x5 | The HTML Sanitizer should have sanitized the `href` attribute of SVG `<use>` tags; however, it incorrectly did not sanitize `xlink:href` attributes. This vulnerability affects Firefox < 102. | CVSS3: 6.1 | 1% (Low) | almost 3 years ago |