Mozilla

Firefox ESR

755 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-13014

  • EPSS 0.07%
  • Veröffentlicht 11.11.2025 15:47:12
  • Zuletzt bearbeitet 13.04.2026 15:16:42

Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

3.4

CVE-2025-13015

  • EPSS 0.04%
  • Veröffentlicht 11.11.2025 15:47:12
  • Zuletzt bearbeitet 13.04.2026 15:16:42

Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.

7.5

CVE-2025-13012

  • EPSS 0.05%
  • Veröffentlicht 11.11.2025 15:47:11
  • Zuletzt bearbeitet 13.04.2026 15:16:41

Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

6.1

CVE-2025-13013

  • EPSS 0.05%
  • Veröffentlicht 11.11.2025 15:47:11
  • Zuletzt bearbeitet 13.04.2026 15:16:42

Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

8.8

CVE-2025-11715

  • EPSS 0.07%
  • Veröffentlicht 14.10.2025 12:27:36
  • Zuletzt bearbeitet 13.04.2026 15:16:40

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arb...

9.8

CVE-2025-11708

  • EPSS 0.09%
  • Veröffentlicht 14.10.2025 12:27:35
  • Zuletzt bearbeitet 13.04.2026 15:16:39

Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

6.1

CVE-2025-11712

  • EPSS 0.05%
  • Veröffentlicht 14.10.2025 12:27:35
  • Zuletzt bearbeitet 13.04.2026 15:16:39

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files w...

8.1

CVE-2025-11713

  • EPSS 0.04%
  • Veröffentlicht 14.10.2025 12:27:35
  • Zuletzt bearbeitet 13.04.2026 15:16:40

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 1...

9.8

CVE-2025-11710

  • EPSS 0.11%
  • Veröffentlicht 14.10.2025 12:27:34
  • Zuletzt bearbeitet 13.04.2026 15:16:39

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thu...

6.5

CVE-2025-11711

  • EPSS 0.03%
  • Veröffentlicht 14.10.2025 12:27:34
  • Zuletzt bearbeitet 13.04.2026 15:16:39

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.