Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 220

CVE-2010-1122

больше 15 лет назад

Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allow ...

CVSS2: 10

EPSS: Низкий

CVE-2010-1122

больше 15 лет назад

Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028.

CVSS2: 10

EPSS: Низкий

CVE-2010-1121

больше 15 лет назад

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.

CVSS2: 10

EPSS: Низкий

CVE-2010-1121

больше 15 лет назад

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes ...

CVSS2: 10

EPSS: Низкий

CVE-2010-0172

больше 15 лет назад

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.

CVSS2: 4.3

EPSS: Низкий

CVE-2010-0172

больше 15 лет назад

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the as ...

CVSS2: 4.3

EPSS: Низкий

CVE-2010-0171

больше 15 лет назад

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.

CVSS2: 4.3

EPSS: Низкий

CVE-2010-0171

больше 15 лет назад

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x bef ...

CVSS2: 4.3

EPSS: Низкий

CVE-2010-0170

больше 15 лет назад

Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.

CVSS2: 4.3

EPSS: Низкий

CVE-2010-0170

больше 15 лет назад

Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected w ...

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2010-1122 Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allow ...	CVSS2: 10	1% Низкий	больше 15 лет назад
CVE-2010-1122 Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028.	CVSS2: 10	1% Низкий	больше 15 лет назад
CVE-2010-1121 Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.	CVSS2: 10	6% Низкий	больше 15 лет назад
CVE-2010-1121 Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes ...	CVSS2: 10	6% Низкий	больше 15 лет назад
CVE-2010-0172 toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.	CVSS2: 4.3	1% Низкий	больше 15 лет назад
CVE-2010-0172 toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the as ...	CVSS2: 4.3	1% Низкий	больше 15 лет назад
CVE-2010-0171 Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.	CVSS2: 4.3	1% Низкий	больше 15 лет назад
CVE-2010-0171 Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x bef ...	CVSS2: 4.3	1% Низкий	больше 15 лет назад
CVE-2010-0170 Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.	CVSS2: 4.3	0% Низкий	больше 15 лет назад
CVE-2010-0170 Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected w ...	CVSS2: 4.3	0% Низкий	больше 15 лет назад

Уязвимостей на страницу