Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 046
CVE-2025-11710
A compromised web process using malicious IPC messages could have caus ...
CVE-2025-11709
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11709
A compromised web process was able to trigger out of bounds reads and ...
CVE-2025-11708
Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11708
Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerabilit ...
CVE-2025-11719
Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144.
CVE-2025-11712
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11709
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVE-2025-11716
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144.
CVE-2025-11713
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2025-11710 A compromised web process using malicious IPC messages could have caus ... | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
 | CVE-2025-11709 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11709 A compromised web process was able to trigger out of bounds reads and ... | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerabilit ... | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
 | CVE-2025-11719 Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144. | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11712 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 6.1 | 0% Низкий | 20 дней назад |
| CVE-2025-11709 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 9.8 | 0% Низкий | 20 дней назад |
| CVE-2025-11716 Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144. | CVSS3: 6.5 | 0% Низкий | 20 дней назад |
| CVE-2025-11713 Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | CVSS3: 8.1 | 0% Низкий | 20 дней назад |
Уязвимостей на страницу