Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2009-3388

около 16 лет назад

liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."

EPSS: Низкий

CVE-2009-3979

около 16 лет назад

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS2: 6.8

EPSS: Низкий

CVE-2009-3986

около 16 лет назад

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.

CVSS2: 5.1

EPSS: Низкий

CVE-2009-3983

около 16 лет назад

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-3985

около 16 лет назад

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-3389

около 16 лет назад

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

EPSS: Низкий

CVE-2009-4130

около 16 лет назад

Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.

CVSS2: 5.8

EPSS: Низкий

CVE-2009-4130

около 16 лет назад

Visual truncation vulnerability in the MakeScriptDialogTitle function ...

CVSS2: 5.8

EPSS: Низкий

CVE-2009-4129

около 16 лет назад

Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.

CVSS2: 5.8

EPSS: Низкий

CVE-2009-4129

около 16 лет назад

Race condition in Mozilla Firefox allows remote attackers to produce a ...

CVSS2: 5.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2009-3388 liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."		3% Низкий	около 16 лет назад
CVE-2009-3979 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	CVSS2: 6.8	5% Низкий	около 16 лет назад
CVE-2009-3986 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.	CVSS2: 5.1	2% Низкий	около 16 лет назад
CVE-2009-3983 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.	CVSS2: 4.3	1% Низкий	около 16 лет назад
CVE-2009-3985 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.	CVSS2: 4.3	0% Низкий	около 16 лет назад
CVE-2009-3389 Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.		6% Низкий	около 16 лет назад
CVE-2009-4130 Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.	CVSS2: 5.8	1% Низкий	около 16 лет назад
CVE-2009-4130 Visual truncation vulnerability in the MakeScriptDialogTitle function ...	CVSS2: 5.8	1% Низкий	около 16 лет назад
CVE-2009-4129 Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.	CVSS2: 5.8	0% Низкий	около 16 лет назад
CVE-2009-4129 Race condition in Mozilla Firefox allows remote attackers to produce a ...	CVSS2: 5.8	0% Низкий	около 16 лет назад

Уязвимостей на страницу