Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
BDU:2025-05383
Уязвимость браузера Mozilla Firefox и почтового клиента Thunderbird операционных систем Android, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
GHSA-6rrc-vwrv-cwxc
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exp ...
CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
GHSA-799g-3g44-3g9m
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird ESR < 128.9.
GHSA-57xv-4vp5-7v49
After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137.
GHSA-h3xj-xc3c-cvpm
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.
GHSA-2f7m-9j2c-gwvw
Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137 and Thunderbird < 137.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-05383 Уязвимость браузера Mozilla Firefox и почтового клиента Thunderbird операционных систем Android, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| GHSA-6rrc-vwrv-cwxc A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
| CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exp ... | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
 | CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
 | CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
 | CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
| GHSA-799g-3g44-3g9m A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird ESR < 128.9. | CVSS3: 7.3 | 1% Низкий | 10 месяцев назад |
| GHSA-57xv-4vp5-7v49 After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137. | CVSS3: 7.7 | 0% Низкий | 10 месяцев назад |
| GHSA-h3xj-xc3c-cvpm Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137. | CVSS3: 7.4 | 0% Низкий | 10 месяцев назад |
| GHSA-2f7m-9j2c-gwvw Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137 and Thunderbird < 137. | CVSS3: 8.1 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу