Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 151
BDU:2025-03142
Уязвимость интерфейса WebChannel API браузеров Mozilla Firefox, Firefox ESR и почтовых клиентов Thunderbird, Thunderbird ESR, позволяющая нарушителю повысить свои привилегии
BDU:2025-03143
Уязвимость компонента Application-Layer Protocol Negotiation (ALPN) браузеров Mozilla Firefox, Firefox ESR и почтовых клиентов Thunderbird, Thunderbird ESR, позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес
GHSA-3r9h-5xmh-8j4q
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA-jxv2-pgjw-vg3v
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
GHSA-4c4w-pcg8-6hq9
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.
GHSA-h8gv-f7pf-7c4p
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA-8rq4-c5x2-x4g8
A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA-rh22-rcv2-42x3
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
GHSA-7r4q-q89f-2mcg
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA-4jp9-q9g7-48gr
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-03142 Уязвимость интерфейса WebChannel API браузеров Mozilla Firefox, Firefox ESR и почтовых клиентов Thunderbird, Thunderbird ESR, позволяющая нарушителю повысить свои привилегии | CVSS3: 6.8 | 0% Низкий | 10 месяцев назад |
| BDU:2025-03143 Уязвимость компонента Application-Layer Protocol Negotiation (ALPN) браузеров Mozilla Firefox, Firefox ESR и почтовых клиентов Thunderbird, Thunderbird ESR, позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес | CVSS3: 5.4 | 0% Низкий | 10 месяцев назад |
| GHSA-3r9h-5xmh-8j4q Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 6.5 | 0% Низкий | 12 месяцев назад |
| GHSA-jxv2-pgjw-vg3v Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133. | CVSS3: 5.4 | 0% Низкий | 12 месяцев назад |
| GHSA-4c4w-pcg8-6hq9 Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133. | CVSS3: 5.4 | 0% Низкий | 12 месяцев назад |
| GHSA-h8gv-f7pf-7c4p A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 9.8 | 1% Низкий | 12 месяцев назад |
| GHSA-8rq4-c5x2-x4g8 A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 6.5 | 0% Низкий | 12 месяцев назад |
| GHSA-rh22-rcv2-42x3 A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 5.4 | 0% Низкий | 12 месяцев назад |
| GHSA-7r4q-q89f-2mcg Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
| GHSA-4jp9-q9g7-48gr When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 8.8 | 0% Низкий | 12 месяцев назад |
Уязвимостей на страницу