本頁列出影響 mozilla firefox_mobile 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-53900 | Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0. | [email protected] | 4.3 | 0.11% | 2026-06-16 | 2026-06-17 |
| CVE-2026-53899 | Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0. | [email protected] | 6.5 | 0.10% | 2026-06-16 | 2026-06-17 |
| CVE-2012-3979 | Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. | [email protected] | 6.8 | 1.88% | 2012-08-29 | 2026-06-16 |
| CVE-2012-1144 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. | [email protected] | 9.3 | 4.91% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1143 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. | [email protected] | 4.3 | 1.57% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1142 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1141 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1140 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1139 | Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1138 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. | [email protected] | 9.3 | 4.80% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1137 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1136 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1135 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font. | [email protected] | 9.3 | 4.80% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1134 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. | [email protected] | 9.3 | 4.63% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1133 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. | [email protected] | 9.3 | 4.80% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1132 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1131 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1130 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1129 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. | [email protected] | 9.3 | 3.81% | 2012-04-25 | 2026-06-16 |
| CVE-2012-1128 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. | [email protected] | 9.3 | 4.67% | 2012-04-25 | 2026-06-16 |