Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614720232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 15 501

ubuntu логотип

CVE-2023-25751

больше 2 лет назад

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2023-25729

больше 2 лет назад

Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8
EPSS: Низкий
ubuntu логотип

CVE-2023-32213

больше 2 лет назад

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8
EPSS: Низкий
ubuntu логотип

CVE-2023-32212

больше 2 лет назад

An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 4.3
EPSS: Низкий
fstec логотип

BDU:2023-07863

больше 2 лет назад

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

CVSS3: 8.1
EPSS: Низкий
fstec логотип

BDU:2023-03686

больше 2 лет назад

Уязвимость браузера Mozilla Firefox операционных систем Windows, связанная с ошибками в настройках безопасности, позволяющая нарушителю получить доступ к конфиденциальной информации

CVSS3: 8.8
EPSS: Низкий
redhat логотип

CVE-2023-32215

почти 3 года назад

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8
EPSS: Низкий
redhat логотип

CVE-2023-32214

почти 3 года назад

Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 6.5
EPSS: Низкий
redhat логотип

CVE-2023-32205

почти 3 года назад

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 7.5
EPSS: Низкий
redhat логотип

CVE-2023-32207

почти 3 года назад

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
ubuntu логотип
CVE-2023-25751

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-25729

Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-32213

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-32212

An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 4.3
0%
Низкий
больше 2 лет назад
fstec логотип
BDU:2023-07863

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

CVSS3: 8.1
0%
Низкий
больше 2 лет назад
fstec логотип
BDU:2023-03686

Уязвимость браузера Mozilla Firefox операционных систем Windows, связанная с ошибками в настройках безопасности, позволяющая нарушителю получить доступ к конфиденциальной информации

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
redhat логотип
CVE-2023-32215

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8
0%
Низкий
почти 3 года назад
redhat логотип
CVE-2023-32214

Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 6.5
0%
Низкий
почти 3 года назад
redhat логотип
CVE-2023-32205

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 7.5
0%
Низкий
почти 3 года назад
redhat логотип
CVE-2023-32207

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8
0%
Низкий
почти 3 года назад

Уязвимостей на страницу


Поделиться