Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 156
CVE-2008-5511
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
CVE-2008-5511
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...
CVE-2008-5510
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
CVE-2008-5510
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0. ...
CVE-2008-5508
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
CVE-2008-5508
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...
CVE-2008-5507
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
CVE-2008-5507
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...
CVE-2008-5506
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
CVE-2008-5506
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2008-5511 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." | CVSS2: 4.3 | 2% Низкий | почти 17 лет назад |
| CVE-2008-5511 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ... | CVSS2: 4.3 | 2% Низкий | почти 17 лет назад |
| CVE-2008-5510 The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. | CVSS2: 5 | 1% Низкий | почти 17 лет назад |
| CVE-2008-5510 The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0. ... | CVSS2: 5 | 1% Низкий | почти 17 лет назад |
| CVE-2008-5508 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. | CVSS2: 4.3 | 2% Низкий | почти 17 лет назад |
| CVE-2008-5508 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ... | CVSS2: 4.3 | 2% Низкий | почти 17 лет назад |
| CVE-2008-5507 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. | CVSS2: 6 | 1% Низкий | почти 17 лет назад |
| CVE-2008-5507 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ... | CVSS2: 6 | 1% Низкий | почти 17 лет назад |
| CVE-2008-5506 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." | CVSS2: 6.8 | 1% Низкий | почти 17 лет назад |
| CVE-2008-5506 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ... | CVSS2: 6.8 | 1% Низкий | почти 17 лет назад |
Уязвимостей на страницу