Mozilla

Firefox

2867 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-8384

  • EPSS 1%
  • Veröffentlicht 03.09.2024 13:15:05
  • Zuletzt bearbeitet 06.09.2024 17:15:17

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2,...

9.8

CVE-2024-8385

  • EPSS 0.71%
  • Veröffentlicht 03.09.2024 13:15:05
  • Zuletzt bearbeitet 06.09.2024 17:15:17

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

6.1

CVE-2024-8386

  • EPSS 0.22%
  • Veröffentlicht 03.09.2024 13:15:05
  • Zuletzt bearbeitet 30.10.2024 17:35:16

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

9.8

CVE-2024-8387

  • EPSS 0.92%
  • Veröffentlicht 03.09.2024 13:15:05
  • Zuletzt bearbeitet 06.09.2024 17:15:18

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vu...

5.3

CVE-2024-8388

  • EPSS 0.12%
  • Veröffentlicht 03.09.2024 13:15:05
  • Zuletzt bearbeitet 30.10.2024 17:35:17

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the ...

6.1

CVE-2024-43111

  • EPSS 0.65%
  • Veröffentlicht 06.08.2024 16:15:49
  • Zuletzt bearbeitet 29.08.2024 16:53:16

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.

6.1

CVE-2024-43112

  • EPSS 1%
  • Veröffentlicht 06.08.2024 16:15:49
  • Zuletzt bearbeitet 17.03.2025 20:15:12

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.

6.1

CVE-2024-43113

  • EPSS 0.76%
  • Veröffentlicht 06.08.2024 16:15:49
  • Zuletzt bearbeitet 24.03.2025 17:15:18

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.

9.6

CVE-2024-7519

  • EPSS 0.25%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 12.08.2024 16:04:20

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, T...

8.8

CVE-2024-7520

  • EPSS 0.32%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 24.03.2025 17:15:19

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.