Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 14 679
CVE-2024-9395
A specially crafted filename containing a large number of spaces could ...
CVE-2024-9394
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2024-9394
An attacker could, via a specially crafted multipart response, execute ...
CVE-2024-9393
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2024-9393
An attacker could, via a specially crafted multipart response, execute ...
CVE-2024-9392
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2024-9392
A compromised content process could have allowed for the arbitrary loa ...
CVE-2024-9391
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
CVE-2024-9391
A user who enables full-screen mode on a specially crafted web page co ...
CVE-2024-9395
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2024-9395 A specially crafted filename containing a large number of spaces could ... | CVSS3: 5.3 | 0% Низкий | 9 месяцев назад |
 | CVE-2024-9394 An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9394 An attacker could, via a specially crafted multipart response, execute ... | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9393 An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9393 An attacker could, via a specially crafted multipart response, execute ... | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9392 A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | CVSS3: 9.8 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9392 A compromised content process could have allowed for the arbitrary loa ... | CVSS3: 9.8 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9391 A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| CVE-2024-9391 A user who enables full-screen mode on a specially crafted web page co ... | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
 | CVE-2024-9395 A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. | CVSS3: 5.3 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу