Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.28%
  • Veröffentlicht 27.05.2025 12:29:25
  • Zuletzt bearbeitet 13.04.2026 15:17:04

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

  • EPSS 0.23%
  • Veröffentlicht 27.05.2025 12:29:25
  • Zuletzt bearbeitet 13.04.2026 15:17:04

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

  • EPSS 0.14%
  • Veröffentlicht 27.05.2025 12:29:24
  • Zuletzt bearbeitet 13.04.2026 15:17:04

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Window...

  • EPSS 0.24%
  • Veröffentlicht 27.05.2025 12:29:23
  • Zuletzt bearbeitet 13.04.2026 15:17:03

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139...

  • EPSS 0.21%
  • Veröffentlicht 27.05.2025 12:29:22
  • Zuletzt bearbeitet 13.04.2026 15:17:03

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 1...

Medienbericht
  • EPSS 0.38%
  • Veröffentlicht 27.05.2025 12:29:21
  • Zuletzt bearbeitet 19.09.2025 17:18:14

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird <...

  • EPSS 0.2%
  • Veröffentlicht 21.05.2025 17:18:08
  • Zuletzt bearbeitet 13.04.2026 15:17:03

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefo...

Medienbericht
  • EPSS 6.23%
  • Veröffentlicht 17.05.2025 21:07:27
  • Zuletzt bearbeitet 13.04.2026 15:17:01

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 1...

Exploit
  • EPSS 8.92%
  • Veröffentlicht 17.05.2025 21:07:26
  • Zuletzt bearbeitet 13.04.2026 15:17:01

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

  • EPSS 0.02%
  • Veröffentlicht 17.05.2025 21:07:25
  • Zuletzt bearbeitet 18.05.2025 20:15:19

Rejected reason: Duplicate of CVE-2025-4919