Mozilla

Firefox

2918 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-11701

  • EPSS 0.11%
  • Veröffentlicht 26.11.2024 14:15:19
  • Zuletzt bearbeitet 05.04.2025 00:36:49

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.

7.5

CVE-2024-11702

  • EPSS 0.21%
  • Veröffentlicht 26.11.2024 14:15:19
  • Zuletzt bearbeitet 05.04.2025 00:41:30

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.

5.7

CVE-2024-11703

  • EPSS 0.04%
  • Veröffentlicht 26.11.2024 14:15:19
  • Zuletzt bearbeitet 05.04.2025 00:46:01

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.

9.8

CVE-2024-11704

  • EPSS 0.77%
  • Veröffentlicht 26.11.2024 14:15:19
  • Zuletzt bearbeitet 03.11.2025 21:16:04

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability af...

9.1

CVE-2024-11705

  • EPSS 0.4%
  • Veröffentlicht 26.11.2024 14:15:19
  • Zuletzt bearbeitet 24.06.2025 17:07:46

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phK...

8.8

CVE-2024-11691

  • EPSS 0.5%
  • Veröffentlicht 26.11.2024 14:15:18
  • Zuletzt bearbeitet 06.01.2025 18:15:18

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were...

4.3

CVE-2024-11692

  • EPSS 0.28%
  • Veröffentlicht 26.11.2024 14:15:18
  • Zuletzt bearbeitet 03.11.2025 22:16:37

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

9.8

CVE-2024-11693

  • EPSS 0.63%
  • Veröffentlicht 26.11.2024 14:15:18
  • Zuletzt bearbeitet 03.04.2025 13:31:28

The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thu...

6.1

CVE-2024-11694

  • EPSS 0.43%
  • Veröffentlicht 26.11.2024 14:15:18
  • Zuletzt bearbeitet 03.11.2025 22:16:37

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquer...

6.5

CVE-2024-10941

  • EPSS 0.37%
  • Veröffentlicht 06.11.2024 21:15:05
  • Zuletzt bearbeitet 10.02.2025 23:15:11

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.