Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614720232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 15 501

nvd логотип

CVE-2009-3370

больше 16 лет назад

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.

CVSS2: 5
EPSS: Низкий
debian логотип

CVE-2009-3370

больше 16 лет назад

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote a ...

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2009-3372

больше 16 лет назад

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2009-3381

больше 16 лет назад

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2009-3383

больше 16 лет назад

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2009-3380

больше 16 лет назад

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2009-3375

больше 16 лет назад

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2009-3376

больше 16 лет назад

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2009-3378

больше 16 лет назад

The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2009-3377

больше 16 лет назад

Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

CVSS2: 10
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
nvd логотип
CVE-2009-3370

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.

CVSS2: 5
1%
Низкий
больше 16 лет назад
debian логотип
CVE-2009-3370

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote a ...

CVSS2: 5
1%
Низкий
больше 16 лет назад
ubuntu логотип
CVE-2009-3372

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

CVSS2: 9.3
2%
Низкий
больше 16 лет назад
ubuntu логотип
CVE-2009-3381

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS2: 10
6%
Низкий
больше 16 лет назад
ubuntu логотип
CVE-2009-3383

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS2: 10
6%
Низкий
больше 16 лет назад
ubuntu логотип
CVE-2009-3380

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS2: 10
4%
Низкий
больше 16 лет назад
ubuntu логотип
CVE-2009-3375

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.

CVSS2: 4.3
0%
Низкий
больше 16 лет назад
ubuntu логотип
CVE-2009-3376

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

CVSS2: 9.3
3%
Низкий
больше 16 лет назад
ubuntu логотип
CVE-2009-3378

The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.

CVSS2: 9.3
4%
Низкий
больше 16 лет назад
ubuntu логотип
CVE-2009-3377

Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

CVSS2: 10
8%
Низкий
больше 16 лет назад

Уязвимостей на страницу


Поделиться