Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 220

CVE-2009-2471

больше 16 лет назад

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.

CVSS2: 10

EPSS: Низкий

CVE-2009-2471

больше 16 лет назад

The setTimeout function in Mozilla Firefox before 3.0.12 does not prop ...

CVSS2: 10

EPSS: Низкий

CVE-2009-2469

больше 16 лет назад

Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation.

CVSS2: 10

EPSS: Низкий

CVE-2009-2469

больше 16 лет назад

Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...

CVSS2: 10

EPSS: Низкий

CVE-2009-2468

больше 16 лет назад

Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194.

CVSS2: 10

EPSS: Средний

CVE-2009-2467

больше 16 лет назад

Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object.

CVSS2: 10

EPSS: Низкий

CVE-2009-2467

больше 16 лет назад

Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attac ...

CVSS2: 10

EPSS: Низкий

CVE-2009-2466

больше 16 лет назад

The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT.

CVSS2: 10

EPSS: Низкий

CVE-2009-2466

больше 16 лет назад

The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...

CVSS2: 10

EPSS: Низкий

CVE-2009-2465

больше 16 лет назад

Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function.

CVSS2: 10

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2009-2471 The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.	CVSS2: 10	2% Низкий	больше 16 лет назад
CVE-2009-2471 The setTimeout function in Mozilla Firefox before 3.0.12 does not prop ...	CVSS2: 10	2% Низкий	больше 16 лет назад
CVE-2009-2469 Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation.	CVSS2: 10	4% Низкий	больше 16 лет назад
CVE-2009-2469 Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...	CVSS2: 10	4% Низкий	больше 16 лет назад
CVE-2009-2468 Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194.	CVSS2: 10	24% Средний	больше 16 лет назад
CVE-2009-2467 Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object.	CVSS2: 10	5% Низкий	больше 16 лет назад
CVE-2009-2467 Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attac ...	CVSS2: 10	5% Низкий	больше 16 лет назад
CVE-2009-2466 The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT.	CVSS2: 10	5% Низкий	больше 16 лет назад
CVE-2009-2466 The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...	CVSS2: 10	5% Низкий	больше 16 лет назад
CVE-2009-2465 Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function.	CVSS2: 10	5% Низкий	больше 16 лет назад

Уязвимостей на страницу