Mozilla

Firefox ESR

866 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 1.25%
  • Published 11.06.2024 13:15:50
  • Last modified 04.04.2025 23:46:14

If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

  • EPSS 4.02%
  • Published 11.06.2024 13:15:50
  • Last modified 26.03.2025 14:15:31

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

  • EPSS 0.19%
  • Published 11.06.2024 13:15:50
  • Last modified 19.03.2025 21:15:37

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and ...

Exploit
  • EPSS 0.41%
  • Published 11.06.2024 13:15:50
  • Last modified 27.03.2025 20:07:17

On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Win...

  • EPSS 1.6%
  • Published 11.06.2024 13:15:50
  • Last modified 27.03.2025 20:02:24

Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Exploit
  • EPSS 0.71%
  • Published 14.05.2024 18:15:14
  • Last modified 01.04.2025 18:00:09

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

  • EPSS 0.69%
  • Published 14.05.2024 18:15:14
  • Last modified 01.04.2025 17:46:33

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affect...

Exploit
  • EPSS 0.43%
  • Published 14.05.2024 18:15:14
  • Last modified 01.04.2025 17:46:09

When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Exploit
  • EPSS 0.56%
  • Published 14.05.2024 18:15:13
  • Last modified 01.04.2025 17:47:50

If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11,...

  • EPSS 0.1%
  • Published 16.04.2024 16:15:08
  • Last modified 01.04.2025 13:39:33

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 1...