Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 156

CVE-2009-1839

больше 16 лет назад

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...

CVSS2: 5.4

EPSS: Средний

CVE-2009-1838

больше 16 лет назад

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

CVSS2: 9.3

EPSS: Низкий

CVE-2009-1838

больше 16 лет назад

The garbage-collection implementation in Mozilla Firefox before 3.0.11 ...

CVSS2: 9.3

EPSS: Низкий

CVE-2009-1837

больше 16 лет назад

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

CVSS3: 7.5

EPSS: Низкий

CVE-2009-1837

больше 16 лет назад

Race condition in the NPObjWrapper_NewResolve function in modules/plug ...

CVSS3: 7.5

EPSS: Низкий

CVE-2009-1836

больше 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CVSS2: 6.8

EPSS: Низкий

CVE-2009-1836

больше 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...

CVSS2: 6.8

EPSS: Низкий

CVE-2009-1835

больше 16 лет назад

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1835

больше 16 лет назад

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate lo ...

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1834

больше 16 лет назад

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.

CVSS2: 4.3

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2009-1839 Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...	CVSS2: 5.4	15% Средний	больше 16 лет назад
CVE-2009-1838 The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.	CVSS2: 9.3	5% Низкий	больше 16 лет назад
CVE-2009-1838 The garbage-collection implementation in Mozilla Firefox before 3.0.11 ...	CVSS2: 9.3	5% Низкий	больше 16 лет назад
CVE-2009-1837 Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.	CVSS3: 7.5	2% Низкий	больше 16 лет назад
CVE-2009-1837 Race condition in the NPObjWrapper_NewResolve function in modules/plug ...	CVSS3: 7.5	2% Низкий	больше 16 лет назад
CVE-2009-1836 Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.	CVSS2: 6.8	2% Низкий	больше 16 лет назад
CVE-2009-1836 Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...	CVSS2: 6.8	2% Низкий	больше 16 лет назад
CVE-2009-1835 Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.	CVSS2: 4.3	2% Низкий	больше 16 лет назад
CVE-2009-1835 Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate lo ...	CVSS2: 4.3	2% Низкий	больше 16 лет назад
CVE-2009-1834 Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.	CVSS2: 4.3	15% Средний	больше 16 лет назад

Уязвимостей на страницу