Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 156

CVE-2009-0733

больше 16 лет назад

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

CVSS2: 6.8

EPSS: Низкий

CVE-2009-0581

больше 16 лет назад

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-0821

больше 16 лет назад

Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.

CVSS2: 5

EPSS: Низкий

CVE-2009-0821

больше 16 лет назад

Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...

CVSS2: 5

EPSS: Низкий

CVE-2009-0777

больше 16 лет назад

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

CVSS2: 5.8

EPSS: Низкий

CVE-2009-0777

больше 16 лет назад

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonk ...

CVSS2: 5.8

EPSS: Низкий

CVE-2009-0776

больше 16 лет назад

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

CVSS2: 7.1

EPSS: Низкий

CVE-2009-0776

больше 16 лет назад

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0. ...

CVSS2: 7.1

EPSS: Низкий

CVE-2009-0775

больше 16 лет назад

Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.

CVSS2: 10

EPSS: Низкий

CVE-2009-0775

больше 16 лет назад

Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...

CVSS2: 10

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2009-0733 Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.	CVSS2: 6.8	2% Низкий	больше 16 лет назад
CVE-2009-0581 Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.	CVSS2: 4.3	2% Низкий	больше 16 лет назад
CVE-2009-0821 Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.	CVSS2: 5	3% Низкий	больше 16 лет назад
CVE-2009-0821 Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...	CVSS2: 5	3% Низкий	больше 16 лет назад
CVE-2009-0777 Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.	CVSS2: 5.8	2% Низкий	больше 16 лет назад
CVE-2009-0777 Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonk ...	CVSS2: 5.8	2% Низкий	больше 16 лет назад
CVE-2009-0776 nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.	CVSS2: 7.1	1% Низкий	больше 16 лет назад
CVE-2009-0776 nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0. ...	CVSS2: 7.1	1% Низкий	больше 16 лет назад
CVE-2009-0775 Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.	CVSS2: 10	7% Низкий	больше 16 лет назад
CVE-2009-0775 Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...	CVSS2: 10	7% Низкий	больше 16 лет назад

Уязвимостей на страницу