Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.66%
  • Veröffentlicht 26.11.2024 14:15:19
  • Zuletzt bearbeitet 24.06.2025 17:07:46

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phK...

  • EPSS 0.7%
  • Veröffentlicht 26.11.2024 14:15:18
  • Zuletzt bearbeitet 06.01.2025 18:15:18

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were...

  • EPSS 0.47%
  • Veröffentlicht 26.11.2024 14:15:18
  • Zuletzt bearbeitet 03.11.2025 22:16:37

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

  • EPSS 0.83%
  • Veröffentlicht 26.11.2024 14:15:18
  • Zuletzt bearbeitet 03.04.2025 13:31:28

The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thu...

  • EPSS 0.5%
  • Veröffentlicht 26.11.2024 14:15:18
  • Zuletzt bearbeitet 03.11.2025 22:16:37

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquer...

  • EPSS 0.39%
  • Veröffentlicht 06.11.2024 21:15:05
  • Zuletzt bearbeitet 10.02.2025 23:15:11

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

  • EPSS 0.7%
  • Veröffentlicht 29.10.2024 13:15:04
  • Zuletzt bearbeitet 03.11.2025 22:16:35

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

  • EPSS 0.6%
  • Veröffentlicht 29.10.2024 13:15:04
  • Zuletzt bearbeitet 03.11.2025 22:16:35

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Th...

  • EPSS 0.54%
  • Veröffentlicht 29.10.2024 13:15:04
  • Zuletzt bearbeitet 03.11.2025 22:16:36

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

  • EPSS 0.81%
  • Veröffentlicht 29.10.2024 13:15:04
  • Zuletzt bearbeitet 03.11.2025 22:16:36

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.