Mozilla

Firefox

2867 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-5266

  • EPSS 0.09%
  • Veröffentlicht 27.05.2025 12:29:25
  • Zuletzt bearbeitet 23.09.2025 15:15:33

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

5.4

CVE-2025-5267

  • EPSS 0.08%
  • Veröffentlicht 27.05.2025 12:29:25
  • Zuletzt bearbeitet 11.06.2025 12:15:27

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

4.8

CVE-2025-5265

  • EPSS 0.03%
  • Veröffentlicht 27.05.2025 12:29:24
  • Zuletzt bearbeitet 11.06.2025 12:15:27

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Window...

4.8

CVE-2025-5264

  • EPSS 0.06%
  • Veröffentlicht 27.05.2025 12:29:23
  • Zuletzt bearbeitet 11.06.2025 12:15:27

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, F...

4.3

CVE-2025-5263

  • EPSS 0.04%
  • Veröffentlicht 27.05.2025 12:29:22
  • Zuletzt bearbeitet 11.06.2025 12:15:27

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbir...

7.5

CVE-2025-5262

Medienbericht
  • EPSS 0.07%
  • Veröffentlicht 27.05.2025 12:29:21
  • Zuletzt bearbeitet 19.09.2025 17:18:14

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird <...

4.3

CVE-2025-5020

  • EPSS 0.05%
  • Veröffentlicht 21.05.2025 17:18:08
  • Zuletzt bearbeitet 13.06.2025 18:55:32

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for ...

8.8

CVE-2025-4919

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 17.05.2025 21:07:27
  • Zuletzt bearbeitet 28.05.2025 14:08:29

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbir...

9.8

CVE-2025-4918

Exploit
  • EPSS 0.07%
  • Veröffentlicht 17.05.2025 21:07:26
  • Zuletzt bearbeitet 22.09.2025 18:15:43

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.

0

CVE-2025-4921

  • EPSS 0.02%
  • Veröffentlicht 17.05.2025 21:07:25
  • Zuletzt bearbeitet 18.05.2025 20:15:19

Rejected reason: Duplicate of CVE-2025-4919