Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2010-2769

больше 15 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5 ...

CVSS2: 4.3

EPSS: Низкий

CVE-2010-2768

больше 15 лет назад

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.

CVSS2: 4.3

EPSS: Низкий

CVE-2010-2768

больше 15 лет назад

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...

CVSS2: 4.3

EPSS: Низкий

CVE-2010-2767

больше 15 лет назад

The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability."

CVSS2: 9.3

EPSS: Низкий

CVE-2010-2767

больше 15 лет назад

The navigator.plugins implementation in Mozilla Firefox before 3.5.12 ...

CVSS2: 9.3

EPSS: Низкий

CVE-2010-2766

больше 15 лет назад

The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object.

CVSS2: 9.3

EPSS: Низкий

CVE-2010-2766

больше 15 лет назад

The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3. ...

CVSS2: 9.3

EPSS: Низкий

CVE-2010-2765

больше 15 лет назад

Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.

CVSS2: 9.3

EPSS: Низкий

CVE-2010-2765

больше 15 лет назад

Integer overflow in the FRAMESET element implementation in Mozilla Fir ...

CVSS2: 9.3

EPSS: Низкий

CVE-2010-2764

больше 15 лет назад

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2010-2769 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5 ...	CVSS2: 4.3	1% Низкий	больше 15 лет назад
CVE-2010-2768 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.	CVSS2: 4.3	2% Низкий	больше 15 лет назад
CVE-2010-2768 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...	CVSS2: 4.3	2% Низкий	больше 15 лет назад
CVE-2010-2767 The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability."	CVSS2: 9.3	5% Низкий	больше 15 лет назад
CVE-2010-2767 The navigator.plugins implementation in Mozilla Firefox before 3.5.12 ...	CVSS2: 9.3	5% Низкий	больше 15 лет назад
CVE-2010-2766 The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object.	CVSS2: 9.3	5% Низкий	больше 15 лет назад
CVE-2010-2766 The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3. ...	CVSS2: 9.3	5% Низкий	больше 15 лет назад
CVE-2010-2765 Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.	CVSS2: 9.3	4% Низкий	больше 15 лет назад
CVE-2010-2765 Integer overflow in the FRAMESET element implementation in Mozilla Fir ...	CVSS2: 9.3	4% Низкий	больше 15 лет назад
CVE-2010-2764 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.	CVSS2: 4.3	1% Низкий	больше 15 лет назад

Уязвимостей на страницу