Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
CVE-2009-4129
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
CVE-2009-4130
Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.
CVE-2009-4129
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
CVE-2009-4130
Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.
CVE-2009-4127
Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4102
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
CVE-2009-4102
Sage 1.4.3 and earlier extension for Firefox performs certain operatio ...
CVE-2009-4101
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
CVE-2009-4100
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
CVE-2009-4102
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2009-4129 Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain. | CVSS2: 5.8 | 0% Низкий | около 16 лет назад |
| CVE-2009-4130 Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. | CVSS2: 5.8 | 1% Низкий | около 16 лет назад |
 | CVE-2009-4129 Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain. | 0% Низкий | около 16 лет назад | |
| CVE-2009-4130 Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. | 1% Низкий | около 16 лет назад | |
 | CVE-2009-4127 Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | CVSS2: 9.3 | 1% Низкий | около 16 лет назад |
| CVE-2009-4102 Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | CVSS2: 9.3 | 1% Низкий | около 16 лет назад |
| CVE-2009-4102 Sage 1.4.3 and earlier extension for Firefox performs certain operatio ... | CVSS2: 9.3 | 1% Низкий | около 16 лет назад |
| CVE-2009-4101 infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | CVSS2: 9.3 | 1% Низкий | около 16 лет назад |
| CVE-2009-4100 Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload. | CVSS2: 9.3 | 3% Низкий | около 16 лет назад |
| CVE-2009-4102 Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | CVSS2: 9.3 | 1% Низкий | около 16 лет назад |
Уязвимостей на страницу