Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 151
CVE-2025-4085
An attacker with control over a content process could potentially leve ...
CVE-2025-4085
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.
CVE-2025-4084
Due to insufficient escaping of the special characters in the "copy as ...
CVE-2025-4084
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.
CVE-2025-4083
A process isolation vulnerability in Thunderbird stemmed from improper ...
CVE-2025-4083
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-4082
Modification of specific WebGL shader attributes could trigger an out- ...
CVE-2025-4082
Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2025-4085 An attacker with control over a content process could potentially leve ... | CVSS3: 7.1 | 0% Низкий | 7 месяцев назад |
 | CVE-2025-4085 An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138. | CVSS3: 7.1 | 0% Низкий | 7 месяцев назад |
| CVE-2025-4084 Due to insufficient escaping of the special characters in the "copy as ... | CVSS3: 5.7 | 0% Низкий | 7 месяцев назад |
| CVE-2025-4084 Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10. | CVSS3: 5.7 | 0% Низкий | 7 месяцев назад |
| CVE-2025-4083 A process isolation vulnerability in Thunderbird stemmed from improper ... | CVSS3: 9.1 | 0% Низкий | 7 месяцев назад |
| CVE-2025-4083 A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 9.1 | 0% Низкий | 7 месяцев назад |
| CVE-2025-4082 Modification of specific WebGL shader attributes could trigger an out- ... | CVSS3: 5.9 | 0% Низкий | 7 месяцев назад |
| CVE-2025-4082 Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 5.9 | 0% Низкий | 7 месяцев назад |
| CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 8.8 | 0% Низкий | 7 месяцев назад |
| CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process ... | CVSS3: 8.8 | 0% Низкий | 7 месяцев назад |
Уязвимостей на страницу