Mozilla

Firefox

3102 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-5265

  • EPSS 0.06%
  • Veröffentlicht 27.05.2025 12:29:24
  • Zuletzt bearbeitet 13.04.2026 15:17:04

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Window...

4.8

CVE-2025-5264

  • EPSS 0.13%
  • Veröffentlicht 27.05.2025 12:29:23
  • Zuletzt bearbeitet 13.04.2026 15:17:03

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139...

4.3

CVE-2025-5263

  • EPSS 0.18%
  • Veröffentlicht 27.05.2025 12:29:22
  • Zuletzt bearbeitet 13.04.2026 15:17:03

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 1...

7.5

CVE-2025-5262

Medienbericht
  • EPSS 0.38%
  • Veröffentlicht 27.05.2025 12:29:21
  • Zuletzt bearbeitet 19.09.2025 17:18:14

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird <...

4.3

CVE-2025-5020

  • EPSS 0.18%
  • Veröffentlicht 21.05.2025 17:18:08
  • Zuletzt bearbeitet 13.04.2026 15:17:03

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefo...

8.8

CVE-2025-4919

Medienbericht
  • EPSS 0.28%
  • Veröffentlicht 17.05.2025 21:07:27
  • Zuletzt bearbeitet 13.04.2026 15:17:01

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 1...

9.8

CVE-2025-4918

Exploit
  • EPSS 0.99%
  • Veröffentlicht 17.05.2025 21:07:26
  • Zuletzt bearbeitet 13.04.2026 15:17:01

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

0

CVE-2025-4921

  • EPSS 0.02%
  • Veröffentlicht 17.05.2025 21:07:25
  • Zuletzt bearbeitet 18.05.2025 20:15:19

Rejected reason: Duplicate of CVE-2025-4919

0

CVE-2025-4920

  • EPSS 0.02%
  • Veröffentlicht 17.05.2025 21:07:23
  • Zuletzt bearbeitet 18.05.2025 20:15:19

Rejected reason: Duplicate of CVE-2025-4918

8.1

CVE-2025-4093

  • EPSS 0.43%
  • Veröffentlicht 29.04.2025 13:13:50
  • Zuletzt bearbeitet 13.04.2026 15:17:01

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ...