Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 156

CVE-2009-1310

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the MozSearch plugin imple ...

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1309

больше 16 лет назад

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1309

больше 16 лет назад

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not proper ...

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1308

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1308

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0 ...

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1307

больше 16 лет назад

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

CVSS2: 6.8

EPSS: Низкий

CVE-2009-1307

больше 16 лет назад

The view-source: URI implementation in Mozilla Firefox before 3.0.9, T ...

CVSS2: 6.8

EPSS: Низкий

CVE-2009-1306

больше 16 лет назад

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1306

больше 16 лет назад

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbi ...

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1305

больше 16 лет назад

The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2009-1310 Cross-site scripting (XSS) vulnerability in the MozSearch plugin imple ...	CVSS2: 4.3	1% Низкий	больше 16 лет назад
CVE-2009-1309 Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.	CVSS2: 4.3	1% Низкий	больше 16 лет назад
CVE-2009-1309 Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not proper ...	CVSS2: 4.3	1% Низкий	больше 16 лет назад
CVE-2009-1308 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.	CVSS2: 4.3	1% Низкий	больше 16 лет назад
CVE-2009-1308 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0 ...	CVSS2: 4.3	1% Низкий	больше 16 лет назад
CVE-2009-1307 The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.	CVSS2: 6.8	1% Низкий	больше 16 лет назад
CVE-2009-1307 The view-source: URI implementation in Mozilla Firefox before 3.0.9, T ...	CVSS2: 6.8	1% Низкий	больше 16 лет назад
CVE-2009-1306 The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.	CVSS2: 4.3	1% Низкий	больше 16 лет назад
CVE-2009-1306 The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbi ...	CVSS2: 4.3	1% Низкий	больше 16 лет назад
CVE-2009-1305 The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.	CVSS2: 5	4% Низкий	больше 16 лет назад

Уязвимостей на страницу