Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
BDU:2025-11979
Уязвимость веб-браузера Firefox, почтового клиента Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
GHSA-6rrc-vwrv-cwxc
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exp ...
CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
GHSA-5v8r-67h5-p4jj
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.
GHSA-h3xj-xc3c-cvpm
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.
GHSA-p5r8-47qx-x497
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird ESR < 128.9.
GHSA-57xv-4vp5-7v49
After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-11979 Уязвимость веб-браузера Firefox, почтового клиента Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность | CVSS3: 7.1 | 0% Низкий | 10 месяцев назад |
| GHSA-6rrc-vwrv-cwxc A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
| CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exp ... | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
 | CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
 | CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
 | CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
| GHSA-5v8r-67h5-p4jj An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
| GHSA-h3xj-xc3c-cvpm Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137. | CVSS3: 7.4 | 0% Низкий | 10 месяцев назад |
| GHSA-p5r8-47qx-x497 JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird ESR < 128.9. | CVSS3: 6.5 | 1% Низкий | 10 месяцев назад |
| GHSA-57xv-4vp5-7v49 After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137. | CVSS3: 7.7 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу