Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2010-3169

больше 15 лет назад

Multiple unspecified vulnerabilities in the browser engine in Mozilla ...

CVSS2: 9.3

EPSS: Низкий

CVE-2010-3168

больше 15 лет назад

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.

CVSS2: 9.3

EPSS: Низкий

CVE-2010-3168

больше 15 лет назад

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...

CVSS2: 9.3

EPSS: Низкий

CVE-2010-3167

больше 15 лет назад

The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability."

CVSS2: 9.3

EPSS: Низкий

CVE-2010-3167

больше 15 лет назад

The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3. ...

CVSS2: 9.3

EPSS: Низкий

CVE-2010-3166

больше 15 лет назад

Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.

CVSS2: 9.3

EPSS: Низкий

CVE-2010-3166

больше 15 лет назад

Heap-based buffer overflow in the nsTextFrameUtils::TransformText func ...

CVSS2: 9.3

EPSS: Низкий

CVE-2010-2770

больше 15 лет назад

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL.

CVSS2: 9.3

EPSS: Низкий

CVE-2010-2770

больше 15 лет назад

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...

CVSS2: 9.3

EPSS: Низкий

CVE-2010-2769

больше 15 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2010-3169 Multiple unspecified vulnerabilities in the browser engine in Mozilla ...	CVSS2: 9.3	3% Низкий	больше 15 лет назад
CVE-2010-3168 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.	CVSS2: 9.3	5% Низкий	больше 15 лет назад
CVE-2010-3168 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...	CVSS2: 9.3	5% Низкий	больше 15 лет назад
CVE-2010-3167 The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability."	CVSS2: 9.3	5% Низкий	больше 15 лет назад
CVE-2010-3167 The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3. ...	CVSS2: 9.3	5% Низкий	больше 15 лет назад
CVE-2010-3166 Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.	CVSS2: 9.3	6% Низкий	больше 15 лет назад
CVE-2010-3166 Heap-based buffer overflow in the nsTextFrameUtils::TransformText func ...	CVSS2: 9.3	6% Низкий	больше 15 лет назад
CVE-2010-2770 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL.	CVSS2: 9.3	3% Низкий	больше 15 лет назад
CVE-2010-2770 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...	CVSS2: 9.3	3% Низкий	больше 15 лет назад
CVE-2010-2769 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.	CVSS2: 4.3	1% Низкий	больше 15 лет назад

Уязвимостей на страницу