Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
BDU:2025-10504
Уязвимость браузера Mozilla Firefox и почтового клиента Thunderbird, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
BDU:2025-10505
Уязвимость браузеров Firefox, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)
GHSA-h8g5-2596-xjh9
Following the sandbox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to confuse the parent process into leaking handles to unprivileged child processes leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.
CVE-2025-2857
Following the recent Chrome sandbox escape (CVE-2025-2783), various Fi ...
CVE-2025-2857
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.
CVE-2025-2857
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.
BDU:2025-03530
Уязвимость механизма межпроцессорного взаимодействия (IPC) браузера Mozilla Firefox, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить произвольный код
GHSA-57gw-hcmr-f4g2
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136.
GHSA-3g8j-6hfm-wj7g
Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136.
GHSA-m2rp-964h-h237
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
BDU:2025-10504 Уязвимость браузера Mozilla Firefox и почтового клиента Thunderbird, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации | CVSS3: 6.5 | 0% Низкий | 11 месяцев назад | |
BDU:2025-10505 Уязвимость браузеров Firefox, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS) | CVSS3: 8 | 0% Низкий | 11 месяцев назад | |
GHSA-h8g5-2596-xjh9 Following the sandbox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to confuse the parent process into leaking handles to unprivileged child processes leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1. | CVSS3: 10 | 0% Низкий | 11 месяцев назад | |
CVE-2025-2857 Following the recent Chrome sandbox escape (CVE-2025-2783), various Fi ... | CVSS3: 10 | 0% Низкий | 11 месяцев назад | |
CVE-2025-2857 Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1. | CVSS3: 10 | 0% Низкий | 11 месяцев назад | |
CVE-2025-2857 Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1. | 0% Низкий | 11 месяцев назад | ||
BDU:2025-03530 Уязвимость механизма межпроцессорного взаимодействия (IPC) браузера Mozilla Firefox, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить произвольный код | CVSS3: 10 | 0% Низкий | 11 месяцев назад | |
GHSA-57gw-hcmr-f4g2 Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136. | CVSS3: 5.4 | 0% Низкий | 11 месяцев назад | |
GHSA-3g8j-6hfm-wj7g Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136. | CVSS3: 8.2 | 0% Низкий | 11 месяцев назад | |
GHSA-m2rp-964h-h237 Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136. | CVSS3: 4.3 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу