Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 491

CVE-2025-6432

8 месяцев назад

When Multi-Account Containers was enabled, DNS requests could have byp ...

CVSS3: 8.6

EPSS: Низкий

CVE-2025-6432

8 месяцев назад

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.

CVSS3: 8.6

EPSS: Низкий

CVE-2025-6431

8 месяцев назад

When a link can be opened in an external application, Firefox for Andr ...

CVSS3: 6.5

EPSS: Низкий

CVE-2025-6431

8 месяцев назад

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

CVSS3: 6.5

EPSS: Низкий

CVE-2025-6430

8 месяцев назад

When a file download is specified via the `Content-Disposition` header ...

CVSS3: 6.1

EPSS: Низкий

CVE-2025-6430

8 месяцев назад

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1

EPSS: Низкий

CVE-2025-6429

8 месяцев назад

Firefox could have incorrectly parsed a URL and rewritten it to the yo ...

CVSS3: 6.5

EPSS: Низкий

CVE-2025-6429

8 месяцев назад

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.5

EPSS: Низкий

CVE-2025-6428

8 месяцев назад

When a URL was provided in a link querystring parameter, Firefox for A ...

CVSS3: 4.3

EPSS: Низкий

CVE-2025-6428

8 месяцев назад

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

CVSS3: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2025-6432 When Multi-Account Containers was enabled, DNS requests could have byp ...	CVSS3: 8.6	0% Низкий	8 месяцев назад
CVE-2025-6432 When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.	CVSS3: 8.6	0% Низкий	8 месяцев назад
CVE-2025-6431 When a link can be opened in an external application, Firefox for Andr ...	CVSS3: 6.5	0% Низкий	8 месяцев назад
CVE-2025-6431 When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 140.	CVSS3: 6.5	0% Низкий	8 месяцев назад
CVE-2025-6430 When a file download is specified via the `Content-Disposition` header ...	CVSS3: 6.1	0% Низкий	8 месяцев назад
CVE-2025-6430 When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.	CVSS3: 6.1	0% Низкий	8 месяцев назад
CVE-2025-6429 Firefox could have incorrectly parsed a URL and rewritten it to the yo ...	CVSS3: 6.5	0% Низкий	8 месяцев назад
CVE-2025-6429 Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.	CVSS3: 6.5	0% Низкий	8 месяцев назад
CVE-2025-6428 When a URL was provided in a link querystring parameter, Firefox for A ...	CVSS3: 4.3	0% Низкий	8 месяцев назад
CVE-2025-6428 When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 140.	CVSS3: 4.3	0% Низкий	8 месяцев назад

Уязвимостей на страницу