CVE-2024-2616
- EPSS 0.04%
- Published 19.03.2024 12:15:09
- Last modified 25.02.2025 14:46:02
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempting to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.
CVE-2024-2605
- EPSS 0.32%
- Published 19.03.2024 12:15:08
- Last modified 01.04.2025 17:10:55
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system, escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firef...
CVE-2024-2606
- EPSS 0.2%
- Published 19.03.2024 12:15:08
- Last modified 01.04.2025 17:12:33
Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.
CVE-2024-2607
- EPSS 1.45%
- Published 19.03.2024 12:15:08
- Last modified 01.04.2025 17:15:20
Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9,...
CVE-2024-2608
- EPSS 0.16%
- Published 19.03.2024 12:15:08
- Last modified 01.04.2025 17:18:20
`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out-of-bounds write. This vulnerability affects Fir...
CVE-2024-2609
- EPSS 1.03%
- Published 19.03.2024 12:15:08
- Last modified 01.04.2025 17:19:51
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-2610
- EPSS 0.16%
- Published 19.03.2024 12:15:08
- Last modified 01.04.2025 17:37:13
Using a markup injection, an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2023-5388
- EPSS 0.18%
- Published 19.03.2024 12:15:07
- Last modified 04.11.2025 19:16:23
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-26281
- EPSS 0.27%
- Published 22.02.2024 15:15:08
- Last modified 27.03.2025 14:45:24
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.
CVE-2024-26282
- EPSS 0.41%
- Published 22.02.2024 15:15:08
- Last modified 27.03.2025 14:46:21
Using an AMP URL with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.