Mozilla

Firefox

2867 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-8384

  • EPSS 1%
  • Published 03.09.2024 13:15:05
  • Last modified 06.09.2024 17:15:17

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2,...

9.8

CVE-2024-8385

  • EPSS 0.71%
  • Published 03.09.2024 13:15:05
  • Last modified 06.09.2024 17:15:17

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

6.1

CVE-2024-8386

  • EPSS 0.22%
  • Published 03.09.2024 13:15:05
  • Last modified 30.10.2024 17:35:16

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

9.8

CVE-2024-8387

  • EPSS 0.92%
  • Published 03.09.2024 13:15:05
  • Last modified 06.09.2024 17:15:18

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vu...

5.3

CVE-2024-8388

  • EPSS 0.12%
  • Published 03.09.2024 13:15:05
  • Last modified 30.10.2024 17:35:17

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the ...

6.1

CVE-2024-43111

  • EPSS 0.65%
  • Published 06.08.2024 16:15:49
  • Last modified 29.08.2024 16:53:16

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.

6.1

CVE-2024-43112

  • EPSS 1%
  • Published 06.08.2024 16:15:49
  • Last modified 17.03.2025 20:15:12

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.

6.1

CVE-2024-43113

  • EPSS 0.76%
  • Published 06.08.2024 16:15:49
  • Last modified 24.03.2025 17:15:18

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.

9.6

CVE-2024-7519

  • EPSS 0.25%
  • Published 06.08.2024 13:15:57
  • Last modified 12.08.2024 16:04:20

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, T...

8.8

CVE-2024-7520

  • EPSS 0.32%
  • Published 06.08.2024 13:15:57
  • Last modified 24.03.2025 17:15:19

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.