Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 14 788
GHSA-jxv2-pgjw-vg3v
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
GHSA-3r9h-5xmh-8j4q
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA-wjq6-6xvc-xr82
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
GHSA-8rq4-c5x2-x4g8
A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA-h8gv-f7pf-7c4p
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA-p9vw-xw86-3f2w
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA-7r4q-q89f-2mcg
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
CVE-2024-53976
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.
CVE-2024-53976
Under certain circumstances, navigating to a webpage would result in t ...
CVE-2024-53975
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-jxv2-pgjw-vg3v Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133. | CVSS3: 5.4 | 0% Низкий | 9 месяцев назад |
| GHSA-3r9h-5xmh-8j4q Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| GHSA-wjq6-6xvc-xr82 On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. | CVSS3: 9.1 | 0% Низкий | 9 месяцев назад |
| GHSA-8rq4-c5x2-x4g8 A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| GHSA-h8gv-f7pf-7c4p A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 9.8 | 0% Низкий | 9 месяцев назад |
| GHSA-p9vw-xw86-3f2w The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 4.3 | 0% Низкий | 9 месяцев назад |
| GHSA-7r4q-q89f-2mcg Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
 | CVE-2024-53976 Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133. | CVSS3: 5.4 | 0% Низкий | 9 месяцев назад |
| CVE-2024-53976 Under certain circumstances, navigating to a webpage would result in t ... | CVSS3: 5.4 | 0% Низкий | 9 месяцев назад |
| CVE-2024-53975 Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133. | CVSS3: 5.4 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу