Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2023-25749

больше 2 лет назад

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. <br>*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111.

CVSS3: 4.3

EPSS: Низкий

CVE-2023-25737

больше 2 лет назад

An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS3: 8.8

EPSS: Низкий

CVE-2023-29538

больше 2 лет назад

Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVSS3: 4.3

EPSS: Низкий

CVE-2023-23598

больше 2 лет назад

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

CVSS3: 6.5

EPSS: Низкий

BDU:2023-07863

больше 2 лет назад

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

CVSS3: 8.1

EPSS: Низкий

BDU:2023-03686

больше 2 лет назад

Уязвимость браузера Mozilla Firefox операционных систем Windows, связанная с ошибками в настройках безопасности, позволяющая нарушителю получить доступ к конфиденциальной информации

CVSS3: 8.8

EPSS: Низкий

CVE-2023-32207

почти 3 года назад

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8

EPSS: Низкий

CVE-2023-32206

почти 3 года назад

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 7.5

EPSS: Низкий

CVE-2023-32212

почти 3 года назад

An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 6.1

EPSS: Низкий

CVE-2023-32213

почти 3 года назад

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

CVSS3: 8.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2023-25749 Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. <br>This bug only affects Firefox for Android. Other versions of Firefox are unaffected.. This vulnerability affects Firefox < 111.	CVSS3: 4.3	0% Низкий	больше 2 лет назад
CVE-2023-25737 An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	CVSS3: 8.8	0% Низкий	больше 2 лет назад
CVE-2023-29538 Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	CVSS3: 4.3	0% Низкий	больше 2 лет назад
CVE-2023-23598 Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.	CVSS3: 6.5	0% Низкий	больше 2 лет назад
BDU:2023-07863 Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации	CVSS3: 8.1	0% Низкий	больше 2 лет назад
BDU:2023-03686 Уязвимость браузера Mozilla Firefox операционных систем Windows, связанная с ошибками в настройках безопасности, позволяющая нарушителю получить доступ к конфиденциальной информации	CVSS3: 8.8	0% Низкий	больше 2 лет назад
CVE-2023-32207 A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	CVSS3: 8.8	0% Низкий	почти 3 года назад
CVE-2023-32206 An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	CVSS3: 7.5	0% Низкий	почти 3 года назад
CVE-2023-32212 An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	CVSS3: 6.1	0% Низкий	почти 3 года назад
CVE-2023-32213 When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	CVSS3: 8.8	0% Низкий	почти 3 года назад

Уязвимостей на страницу