Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
GHSA-fw75-5frq-vxhg
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
GHSA-j3rx-39f7-r8hw
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
GHSA-5g22-6w6r-pr2m
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
GHSA-cv9p-3pfj-w864
Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
CVE-2025-8044
Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of ...
CVE-2025-8044
Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141 and Thunderbird < 141.
CVE-2025-8043
Focus incorrectly truncated URLs towards the beginning instead of arou ...
CVE-2025-8043
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141.
CVE-2025-8040
Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0 ...
CVE-2025-8040
Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-fw75-5frq-vxhg Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | CVSS3: 9.1 | 0% Низкий | 7 месяцев назад |
| GHSA-j3rx-39f7-r8hw On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | CVSS3: 6.5 | 0% Низкий | 7 месяцев назад |
| GHSA-5g22-6w6r-pr2m Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | CVSS3: 8.1 | 0% Низкий | 7 месяцев назад |
| GHSA-cv9p-3pfj-w864 Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | CVSS3: 9.8 | 0% Низкий | 7 месяцев назад |
| CVE-2025-8044 Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of ... | CVSS3: 9.8 | 0% Низкий | 7 месяцев назад |
 | CVE-2025-8044 Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141 and Thunderbird < 141. | CVSS3: 9.8 | 0% Низкий | 7 месяцев назад |
| CVE-2025-8043 Focus incorrectly truncated URLs towards the beginning instead of arou ... | CVSS3: 9.8 | 0% Низкий | 7 месяцев назад |
| CVE-2025-8043 Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141. | CVSS3: 9.8 | 0% Низкий | 7 месяцев назад |
| CVE-2025-8040 Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0 ... | CVSS3: 8.8 | 0% Низкий | 7 месяцев назад |
| CVE-2025-8040 Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | CVSS3: 8.8 | 0% Низкий | 7 месяцев назад |
Уязвимостей на страницу