Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614720232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 15 501

ubuntu логотип

CVE-2023-32206

больше 2 лет назад

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2023-0767

больше 2 лет назад

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8
EPSS: Низкий
ubuntu логотип

CVE-2023-28163

больше 2 лет назад

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2023-25732

больше 2 лет назад

When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8
EPSS: Низкий
ubuntu логотип

CVE-2023-25739

больше 2 лет назад

Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8
EPSS: Низкий
ubuntu логотип

CVE-2023-25730

больше 2 лет назад

A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 5.4
EPSS: Низкий
ubuntu логотип

CVE-2023-32207

больше 2 лет назад

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8
EPSS: Низкий
ubuntu логотип

CVE-2023-25742

больше 2 лет назад

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2023-23602

больше 2 лет назад

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2023-23600

больше 2 лет назад

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 109.

CVSS3: 6.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
ubuntu логотип
CVE-2023-32206

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-0767

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-28163

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-25732

When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-25739

Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-25730

A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-32207

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-25742

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-23600

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 109.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад

Уязвимостей на страницу


Поделиться