ALT-PU-2025-5736-1

BDU:2024-08355

HIGH7.8

Уязвимость компонента WebAuthentication браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2024-10-23Изменено: 2025-03-21

CVSS 3.xВЫСОКАЯ 7.8

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0ВЫСОКАЯ 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

Ссылки

CVE-2024-9956

BDU:2025-02599

MEDIUM6.3

Уязвимость компонента AudioIPC браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2025-03-13Изменено: 2026-03-04

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ссылки

BDU:2025-02600

HIGH7.8

Уязвимость компонента RegExp браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2025-03-13Изменено: 2026-03-04

CVSS 3.xВЫСОКАЯ 7.8

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C

Ссылки

BDU:2025-02601

CRITICAL9.8

Уязвимость компонента xslt/txNodeSorter браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2025-03-13Изменено: 2026-03-04

CVSS 3.xКРИТИЧЕСКАЯ 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0КРИТИЧЕСКАЯ 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

Ссылки

BDU:2025-02602

MEDIUM4.3

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю оказать влияние на целостность защищаемой информации

Опубликовано: 2025-03-13Изменено: 2026-03-04

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

Ссылки

BDU:2025-02603

MEDIUM6.3

Уязвимость компонента WebTransport браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2025-03-13Изменено: 2026-03-04

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ссылки

BDU:2025-02604

MEDIUM6.3

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать выполнить произвольный код

Опубликовано: 2025-03-13Изменено: 2026-03-04

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ссылки

BDU:2025-02605

MEDIUM6.5

Уязвимость компонента RegExp браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю оказать влияние на конфиденциальность, целостность защищаемой информации

Опубликовано: 2025-03-13Изменено: 2026-03-04

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0СРЕДНЯЯ 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

Ссылки

BDU:2025-02606

MEDIUM6.5

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2025-03-13Изменено: 2026-03-04

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0СРЕДНЯЯ 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

Ссылки

BDU:2025-02877

HIGH7.6

Уязвимость JIT-компилятора браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2025-03-18Изменено: 2026-03-04

CVSS 3.xВЫСОКАЯ 7.6

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CVSS 2.0КРИТИЧЕСКАЯ 9.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:C

Ссылки

BDU:2025-02878

HIGH8.2

Уязвимость браузера Mozilla Firefox и почтового клиента Thunderbird, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2025-03-18Изменено: 2026-03-04

CVSS 3.xВЫСОКАЯ 8.2

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 8.5

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:C

Ссылки

BDU:2025-02879

MEDIUM6.3

Уязвимость функции String.toUpperCase() браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2025-03-18Изменено: 2026-03-04

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ссылки

BDU:2025-02880

CRITICAL9.1

Уязвимость браузера Mozilla Firefox Focus, связанная с ошибками разграничения доступа, позволяющая нарушителю обойти существующие ограничения безопасности

Опубликовано: 2025-03-18

CVSS 3.xКРИТИЧЕСКАЯ 9.1

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0КРИТИЧЕСКАЯ 9.4

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:N

Ссылки

BDU:2025-03530

CRITICAL10.0

Уязвимость механизма межпроцессорного взаимодействия (IPC) браузера Mozilla Firefox, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить произвольный код

Опубликовано: 2025-03-31Изменено: 2025-04-01

CVSS 3.xКРИТИЧЕСКАЯ 10.0

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS 2.0КРИТИЧЕСКАЯ 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

Ссылки

BDU:2025-04334

HIGH8.6

Уязвимость браузера Mozilla Firefox, связанная с недостаточной защитой служебных данных, позволяющая нарушителю раскрыть защищаемую информацию

Опубликовано: 2025-04-14Изменено: 2026-03-04

CVSS 3.xВЫСОКАЯ 8.6

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CVSS 2.0КРИТИЧЕСКАЯ 9.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:P/A:P

Ссылки

CVE-2024-9956

HIGH7.8

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2024-10-15Изменено: 2025-11-03

CVSS 3.xВЫСОКАЯ 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2025-1414

MEDIUM6.5

Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135.0.1.

Опубликовано: 2025-02-18Изменено: 2026-04-13

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Ссылки

CVE-2025-1930

HIGH8.8

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2025-1931

HIGH7.5

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2025-1932

HIGH8.1

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Ссылки

CVE-2025-1933

HIGH7.6

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 7.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Ссылки

CVE-2025-1934

MEDIUM6.5

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Ссылки

CVE-2025-1935

MEDIUM4.3

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Ссылки

CVE-2025-1936

HIGH7.3

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 7.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Ссылки

CVE-2025-1937

HIGH7.5

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2025-1938

MEDIUM6.5

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Ссылки

CVE-2025-1939

LOW3.9

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xНИЗКАЯ 3.9

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Ссылки

CVE-2025-1940

HIGH7.1

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox.. This vulnerability was fixed in Firefox 136.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Ссылки

CVE-2025-1941

CRITICAL9.1

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xКРИТИЧЕСКАЯ 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Ссылки

CVE-2025-1942

CRITICAL9.8

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xКРИТИЧЕСКАЯ 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2025-1943

HIGH8.2

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

Опубликовано: 2025-03-04Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 8.2

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2025-2857

CRITICAL10.0

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. This only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.

Опубликовано: 2025-03-27Изменено: 2026-04-13

CVSS 3.xКРИТИЧЕСКАЯ 10.0

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Ссылки

CVE-2025-3028

MEDIUM6.5

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

Опубликовано: 2025-04-01Изменено: 2026-04-13

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Ссылки

CVE-2025-3029

HIGH7.3

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

Опубликовано: 2025-04-01Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 7.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Ссылки

CVE-2025-3030

HIGH8.1

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

Опубликовано: 2025-04-01Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2025-3031

MEDIUM6.5

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Опубликовано: 2025-04-01Изменено: 2026-04-13

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Ссылки

CVE-2025-3032

HIGH7.4

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Опубликовано: 2025-04-01Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 7.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Ссылки

CVE-2025-3033

HIGH7.7

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Опубликовано: 2025-04-01Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 7.7

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Ссылки

CVE-2025-3034

HIGH8.1

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Опубликовано: 2025-04-01Изменено: 2026-04-13

CVSS 3.xВЫСОКАЯ 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2025-3035

MEDIUM5.3

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.

Опубликовано: 2025-04-01Изменено: 2026-04-13

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ссылки

CVE-2025-3608

MEDIUM6.5

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.

Опубликовано: 2025-04-15Изменено: 2026-04-13

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Ссылки

Обновление пакета firefox в ветке sisyphus_riscv64

Закрытые проблемы (41)

Уязвимость компонента WebAuthentication браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Уязвимость компонента AudioIPC браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента RegExp браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента WebTransport браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость JIT-компилятора браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Уязвимость функции String.toUpperCase() браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox Focus, связанная с ошибками разграничения доступа, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость браузера Mozilla Firefox, связанная с недостаточной защитой служебных данных, позволяющая нарушителю раскрыть защищаемую информацию

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135.0.1.

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136.

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox.. This vulnerability was fixed in Firefox 136.

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.

Закрытые ошибки (2)

Некорректное название приложения Firefox при воспроизведении видео в панели уведомлений

При запуске в безопасном режиме на панели управления отображается иконка Wayland

Обновление пакета firefox в ветке sisyphus_riscv64

Закрытые проблемы (41)

Уязвимость компонента WebAuthentication браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Уязвимость компонента AudioIPC браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента RegExp браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента WebTransport браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость JIT-компилятора браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Уязвимость функции String.toUpperCase() браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Mozilla Firefox Focus, связанная с ошибками разграничения доступа, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость браузера Mozilla Firefox, связанная с недостаточной защитой служебных данных, позволяющая нарушителю раскрыть защищаемую информацию

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135.0.1.

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136.

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox 136.

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.

Закрытые ошибки (2)

Некорректное название приложения Firefox при воспроизведении видео в панели уведомлений

При запуске в безопасном режиме на панели управления отображается иконка Wayland

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox.. This vulnerability was fixed in Firefox 136.

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 137 and Thunderbird 137.