Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 151

CVE-2025-1019

9 месяцев назад

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.

CVSS3: 5.4

EPSS: Низкий

CVE-2025-1014

9 месяцев назад

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

CVSS3: 5.3

EPSS: Низкий

CVE-2025-1013

9 месяцев назад

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

CVSS3: 4.3

EPSS: Низкий

CVE-2025-1012

9 месяцев назад

A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

CVSS3: 7.6

EPSS: Низкий

CVE-2025-1011

9 месяцев назад

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

CVSS3: 8.8

EPSS: Низкий

CVE-2025-1010

9 месяцев назад

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

CVSS3: 8.8

EPSS: Низкий

CVE-2025-1018

9 месяцев назад

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.

CVSS3: 5.4

EPSS: Низкий

CVE-2025-1009

9 месяцев назад

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

CVSS3: 9.8

EPSS: Низкий

BDU:2025-02311

9 месяцев назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с ошибками синхронизации при использовании общего ресурса («Ситуация гонки»), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 6.5

EPSS: Низкий

BDU:2025-02312

9 месяцев назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с возможностью использования памяти после освобождения, позволяющая нарушителю оказывать воздействие на конфиденциальность, целостность и доступность защищаемой информации

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2025-1019 The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.	CVSS3: 5.4	0% Низкий	9 месяцев назад
CVE-2025-1014 Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.	CVSS3: 5.3	0% Низкий	9 месяцев назад
CVE-2025-1013 A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.	CVSS3: 4.3	0% Низкий	9 месяцев назад
CVE-2025-1012 A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.	CVSS3: 7.6	1% Низкий	9 месяцев назад
CVE-2025-1011 A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.	CVSS3: 8.8	0% Низкий	9 месяцев назад
CVE-2025-1010 An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.	CVSS3: 8.8	1% Низкий	9 месяцев назад
CVE-2025-1018 The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.	CVSS3: 5.4	0% Низкий	9 месяцев назад
CVE-2025-1009 An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.	CVSS3: 9.8	1% Низкий	9 месяцев назад
BDU:2025-02311 Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с ошибками синхронизации при использовании общего ресурса («Ситуация гонки»), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации	CVSS3: 6.5	0% Низкий	9 месяцев назад
BDU:2025-02312 Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с возможностью использования памяти после освобождения, позволяющая нарушителю оказывать воздействие на конфиденциальность, целостность и доступность защищаемой информации	CVSS3: 9.8	1% Низкий	9 месяцев назад

Уязвимостей на страницу