Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 151

CVE-2024-10460

около 1 года назад

The origin of an external protocol handler prompt could have been obsc ...

CVSS3: 5.3

EPSS: Низкий

CVE-2024-10459

около 1 года назад

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10459

около 1 года назад

An attacker could have caused a use-after-free when accessibility was ...

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10458

около 1 года назад

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10458

около 1 года назад

A permission leak could have occurred from a trusted site to an untrus ...

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10464

около 1 года назад

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-10468

около 1 года назад

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.

CVSS3: 5.3

EPSS: Низкий

CVE-2024-10459

около 1 года назад

CVSS3: 7.5

EPSS: Низкий

CVE-2024-10467

около 1 года назад

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 8.8

EPSS: Низкий

CVE-2024-10466

около 1 года назад

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2024-10460 The origin of an external protocol handler prompt could have been obsc ...	CVSS3: 5.3	0% Низкий	около 1 года назад
CVE-2024-10459 An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 7.5	1% Низкий	около 1 года назад
CVE-2024-10459 An attacker could have caused a use-after-free when accessibility was ...	CVSS3: 7.5	1% Низкий	около 1 года назад
CVE-2024-10458 A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 7.5	0% Низкий	около 1 года назад
CVE-2024-10458 A permission leak could have occurred from a trusted site to an untrus ...	CVSS3: 7.5	0% Низкий	около 1 года назад
CVE-2024-10464 Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 6.5	1% Низкий	около 1 года назад
CVE-2024-10468 Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.	CVSS3: 5.3	0% Низкий	около 1 года назад
CVE-2024-10459 An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 7.5	1% Низкий	около 1 года назад
CVE-2024-10467 Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 8.8	0% Низкий	около 1 года назад
CVE-2024-10466 By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.	CVSS3: 7.5	1% Низкий	около 1 года назад

Уязвимостей на страницу