Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 151
CVE-2024-11701
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
CVE-2024-11701
The incorrect domain may have been displayed in the address bar during ...
CVE-2024-11699
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11699
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thun ...
CVE-2024-11697
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11697
When handling keypress events, an attacker may have been able to trick ...
CVE-2024-11696
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11696
The application failed to account for exceptions thrown by the `loadMa ...
CVE-2024-11695
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11695
A crafted URL containing Arabic script and whitespace characters could ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2024-11701 The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
| CVE-2024-11701 The incorrect domain may have been displayed in the address bar during ... | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
| CVE-2024-11699 Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 8.8 | 0% Низкий | 12 месяцев назад |
| CVE-2024-11699 Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thun ... | CVSS3: 8.8 | 0% Низкий | 12 месяцев назад |
| CVE-2024-11697 When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 8.8 | 0% Низкий | 12 месяцев назад |
| CVE-2024-11697 When handling keypress events, an attacker may have been able to trick ... | CVSS3: 8.8 | 0% Низкий | 12 месяцев назад |
| CVE-2024-11696 The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 5.4 | 0% Низкий | 12 месяцев назад |
| CVE-2024-11696 The application failed to account for exceptions thrown by the `loadMa ... | CVSS3: 5.4 | 0% Низкий | 12 месяцев назад |
| CVE-2024-11695 A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | CVSS3: 5.4 | 0% Низкий | 12 месяцев назад |
| CVE-2024-11695 A crafted URL containing Arabic script and whitespace characters could ... | CVSS3: 5.4 | 0% Низкий | 12 месяцев назад |
Уязвимостей на страницу