Mozilla

Firefox ESR

755 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-5264

  • EPSS 0.13%
  • Veröffentlicht 27.05.2025 12:29:23
  • Zuletzt bearbeitet 13.04.2026 15:17:03

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139...

4.3

CVE-2025-5263

  • EPSS 0.18%
  • Veröffentlicht 27.05.2025 12:29:22
  • Zuletzt bearbeitet 13.04.2026 15:17:03

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 1...

7.5

CVE-2025-5262

Medienbericht
  • EPSS 0.38%
  • Veröffentlicht 27.05.2025 12:29:21
  • Zuletzt bearbeitet 19.09.2025 17:18:14

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird <...

8.8

CVE-2025-4919

Medienbericht
  • EPSS 0.28%
  • Veröffentlicht 17.05.2025 21:07:27
  • Zuletzt bearbeitet 13.04.2026 15:17:01

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 1...

9.8

CVE-2025-4918

Exploit
  • EPSS 0.99%
  • Veröffentlicht 17.05.2025 21:07:26
  • Zuletzt bearbeitet 13.04.2026 15:17:01

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

0

CVE-2025-4921

  • EPSS 0.02%
  • Veröffentlicht 17.05.2025 21:07:25
  • Zuletzt bearbeitet 18.05.2025 20:15:19

Rejected reason: Duplicate of CVE-2025-4919

0

CVE-2025-4920

  • EPSS 0.02%
  • Veröffentlicht 17.05.2025 21:07:23
  • Zuletzt bearbeitet 18.05.2025 20:15:19

Rejected reason: Duplicate of CVE-2025-4918

8.1

CVE-2025-4093

  • EPSS 0.43%
  • Veröffentlicht 29.04.2025 13:13:50
  • Zuletzt bearbeitet 13.04.2026 15:17:01

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ...

8.1

CVE-2025-4091

  • EPSS 0.44%
  • Veröffentlicht 29.04.2025 13:13:48
  • Zuletzt bearbeitet 13.04.2026 15:17:00

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr...

4.8

CVE-2025-4087

  • EPSS 0.44%
  • Veröffentlicht 29.04.2025 13:13:42
  • Zuletzt bearbeitet 13.04.2026 15:17:00

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability...