Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2010-1585

почти 16 лет назад

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFrag ...

CVSS2: 9.3

EPSS: Низкий

CVE-2010-1585

почти 16 лет назад

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

CVSS2: 9.3

EPSS: Низкий

CVE-2010-0182

почти 16 лет назад

The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.

CVSS2: 4.3

EPSS: Низкий

CVE-2010-0182

почти 16 лет назад

The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6 ...

CVSS2: 4.3

EPSS: Низкий

CVE-2010-0181

почти 16 лет назад

Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images.

CVSS2: 4.3

EPSS: Низкий

CVE-2010-0181

почти 16 лет назад

Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey bef ...

CVSS2: 4.3

EPSS: Низкий

CVE-2010-0179

почти 16 лет назад

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.

CVSS2: 5.1

EPSS: Низкий

CVE-2010-0179

почти 16 лет назад

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey be ...

CVSS2: 5.1

EPSS: Низкий

CVE-2010-0178

почти 16 лет назад

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.

CVSS2: 7.6

EPSS: Низкий

CVE-2010-0178

почти 16 лет назад

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...

CVSS2: 7.6

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2010-1585 The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFrag ...	CVSS2: 9.3	1% Низкий	почти 16 лет назад
CVE-2010-1585 The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.	CVSS2: 9.3	1% Низкий	почти 16 лет назад
CVE-2010-0182 The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.	CVSS2: 4.3	1% Низкий	почти 16 лет назад
CVE-2010-0182 The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6 ...	CVSS2: 4.3	1% Низкий	почти 16 лет назад
CVE-2010-0181 Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images.	CVSS2: 4.3	3% Низкий	почти 16 лет назад
CVE-2010-0181 Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey bef ...	CVSS2: 4.3	3% Низкий	почти 16 лет назад
CVE-2010-0179 Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.	CVSS2: 5.1	1% Низкий	почти 16 лет назад
CVE-2010-0179 Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey be ...	CVSS2: 5.1	1% Низкий	почти 16 лет назад
CVE-2010-0178 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.	CVSS2: 7.6	5% Низкий	почти 16 лет назад
CVE-2010-0178 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...	CVSS2: 7.6	5% Низкий	почти 16 лет назад

Уязвимостей на страницу