Mozilla

Firefox

2867 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2024-11705

  • EPSS 0.49%
  • Published 26.11.2024 14:15:19
  • Last modified 24.06.2025 17:07:46

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phK...

8.8

CVE-2024-11691

  • EPSS 0.5%
  • Published 26.11.2024 14:15:18
  • Last modified 06.01.2025 18:15:18

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were...

4.3

CVE-2024-11692

  • EPSS 0.2%
  • Published 26.11.2024 14:15:18
  • Last modified 03.04.2025 13:31:37

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

9.8

CVE-2024-11693

  • EPSS 0.63%
  • Published 26.11.2024 14:15:18
  • Last modified 03.04.2025 13:31:28

The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thu...

6.1

CVE-2024-11694

  • EPSS 0.41%
  • Published 26.11.2024 14:15:18
  • Last modified 13.12.2024 17:15:05

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquer...

6.5

CVE-2024-10941

  • EPSS 0.37%
  • Published 06.11.2024 21:15:05
  • Last modified 10.02.2025 23:15:11

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

6.5

CVE-2024-10463

  • EPSS 0.21%
  • Published 29.10.2024 13:15:04
  • Last modified 04.11.2024 13:31:20

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

6.5

CVE-2024-10464

  • EPSS 0.44%
  • Published 29.10.2024 13:15:04
  • Last modified 04.11.2024 13:30:23

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Th...

6.5

CVE-2024-10465

  • EPSS 0.19%
  • Published 29.10.2024 13:15:04
  • Last modified 04.11.2024 13:30:10

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

7.5

CVE-2024-10466

  • EPSS 0.8%
  • Published 29.10.2024 13:15:04
  • Last modified 22.03.2025 14:15:13

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.