Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 72.65%
  • Veröffentlicht 14.05.2024 18:15:12
  • Zuletzt bearbeitet 12.05.2026 12:17:19

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Exploit
  • EPSS 0.57%
  • Veröffentlicht 14.05.2024 18:15:12
  • Zuletzt bearbeitet 01.04.2025 17:42:53

Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.

  • EPSS 0.76%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 01.04.2025 13:39:33

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 1...

  • EPSS 0.62%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 01.04.2025 13:39:19

GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

  • EPSS 0.36%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 31.03.2025 16:32:46

A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.

  • EPSS 0.73%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 01.04.2025 14:11:53

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

  • EPSS 0.4%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 31.03.2025 17:05:19

In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.

  • EPSS 0.61%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 31.03.2025 17:01:41

A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox < 125.

  • EPSS 0.24%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 01.04.2025 14:16:11

The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

  • EPSS 0.57%
  • Veröffentlicht 16.04.2024 16:15:08
  • Zuletzt bearbeitet 31.03.2025 16:47:40

It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.