Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
BDU:2025-11334
Уязвимость компонента Web Compatibility: Tooling браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2025-11380
Уязвимость компонента Graphics: Canvas2D браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код
GHSA-6rqq-g95r-qrcc
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142.
GHSA-96vc-phqg-v5rx
Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142.
GHSA-4c9v-rqpw-wrj7
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
GHSA-2hgr-r3c9-m9jw
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
GHSA-h3xr-99q8-227g
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks This vulnerability affects Firefox for iOS < 142.
GHSA-7379-6rf2-q4f9
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
GHSA-36p9-4jqp-qvg9
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects Firefox for iOS < 141.
GHSA-mv5m-p837-6xm9
'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-11334 Уязвимость компонента Web Compatibility: Tooling браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю обойти существующие ограничения безопасности | CVSS3: 5.4 | 0% Низкий | 5 месяцев назад |
| BDU:2025-11380 Уязвимость компонента Graphics: Canvas2D браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.1 | 0% Низкий | 5 месяцев назад |
| GHSA-6rqq-g95r-qrcc Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142. | CVSS3: 9.8 | 0% Низкий | 6 месяцев назад |
| GHSA-96vc-phqg-v5rx Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
| GHSA-4c9v-rqpw-wrj7 Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
| GHSA-2hgr-r3c9-m9jw Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. | CVSS3: 8.1 | 0% Низкий | 6 месяцев назад |
| GHSA-h3xr-99q8-227g Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks This vulnerability affects Firefox for iOS < 142. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
| GHSA-7379-6rf2-q4f9 An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. | CVSS3: 9.8 | 0% Низкий | 6 месяцев назад |
| GHSA-36p9-4jqp-qvg9 The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects Firefox for iOS < 141. | CVSS3: 5.4 | 0% Низкий | 6 месяцев назад |
| GHSA-mv5m-p837-6xm9 'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
Уязвимостей на страницу