Mozilla

Firefox

2918 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2024-4771

Exploit
  • EPSS 0.48%
  • Veröffentlicht 14.05.2024 18:15:14
  • Zuletzt bearbeitet 01.04.2025 17:54:27

A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.

8.1

CVE-2024-4765

  • EPSS 0.15%
  • Veröffentlicht 14.05.2024 18:15:13
  • Zuletzt bearbeitet 04.04.2025 14:27:03

Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue on...

4.3

CVE-2024-4766

  • EPSS 0.33%
  • Veröffentlicht 14.05.2024 18:15:13
  • Zuletzt bearbeitet 04.04.2025 14:26:43

Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*...

4.3

CVE-2024-4767

Exploit
  • EPSS 0.87%
  • Veröffentlicht 14.05.2024 18:15:13
  • Zuletzt bearbeitet 01.04.2025 17:47:50

If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11,...

8.8

CVE-2024-4367

  • EPSS 32.6%
  • Veröffentlicht 14.05.2024 18:15:12
  • Zuletzt bearbeitet 24.04.2025 19:15:46

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

9.8

CVE-2024-4764

Exploit
  • EPSS 0.54%
  • Veröffentlicht 14.05.2024 18:15:12
  • Zuletzt bearbeitet 01.04.2025 17:42:53

Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.

3.7

CVE-2024-3302

  • EPSS 0.1%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 01.04.2025 13:39:33

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 1...

7.5

CVE-2024-3852

  • EPSS 1.13%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 01.04.2025 13:39:19

GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

7.5

CVE-2024-3853

  • EPSS 0.09%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 31.03.2025 16:32:46

A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.

8.8

CVE-2024-3854

  • EPSS 1.01%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 01.04.2025 14:11:53

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.