CVE-2025-6432
- EPSS 0.06%
- Published 24.06.2025 12:28:03
- Last modified 14.07.2025 19:15:34
When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.
CVE-2025-6428
- EPSS 0.04%
- Published 24.06.2025 12:28:02
- Last modified 03.07.2025 16:42:54
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffect...
CVE-2025-6427
- EPSS 0.04%
- Published 24.06.2025 12:28:01
- Last modified 14.07.2025 19:15:34
An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbi...
CVE-2025-6430
- EPSS 0.05%
- Published 24.06.2025 12:28:01
- Last modified 03.11.2025 20:19:19
When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via an `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. ...
CVE-2025-6426
- EPSS 0.03%
- Published 24.06.2025 12:28:00
- Last modified 14.07.2025 19:15:33
The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, T...
CVE-2025-6429
- EPSS 0.06%
- Published 24.06.2025 12:28:00
- Last modified 03.11.2025 20:19:19
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This...
CVE-2025-6424
- EPSS 0.17%
- Published 24.06.2025 12:27:59
- Last modified 03.11.2025 20:19:18
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
CVE-2025-6425
- EPSS 0.06%
- Published 24.06.2025 12:27:59
- Last modified 03.11.2025 20:19:18
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firef...
CVE-2025-49710
- EPSS 0.06%
- Published 11.06.2025 12:07:50
- Last modified 16.06.2025 16:40:48
An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability affects Firefox < 139.0.4.
CVE-2025-49709
- EPSS 0.06%
- Published 11.06.2025 12:07:49
- Last modified 16.06.2025 16:41:05
Certain canvas operations could have led to memory corruption. This vulnerability affects Firefox < 139.0.4.