Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 14 888
CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when p ...
CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
CVE-2007-6589
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
CVE-2007-6589
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ...
CVE-2007-6589
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
CVE-2007-5960
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
CVE-2007-5959
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.
CVE-2007-5960
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Re ...
CVE-2007-5959
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...
CVE-2007-5960
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2008-0367 Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when p ... | CVSS2: 5 | 1% Низкий | больше 17 лет назад |
 | CVE-2008-0367 Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | CVSS2: 5 | 1% Низкий | больше 17 лет назад |
 | CVE-2007-6589 The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. | CVSS2: 4.3 | 1% Низкий | больше 17 лет назад |
| CVE-2007-6589 The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ... | CVSS2: 4.3 | 1% Низкий | больше 17 лет назад |
| CVE-2007-6589 The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. | CVSS2: 4.3 | 1% Низкий | больше 17 лет назад |
| CVE-2007-5960 Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. | CVSS2: 4.3 | 1% Низкий | почти 18 лет назад |
| CVE-2007-5959 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. | CVSS2: 9.3 | 12% Средний | почти 18 лет назад |
| CVE-2007-5960 Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Re ... | CVSS2: 4.3 | 1% Низкий | почти 18 лет назад |
| CVE-2007-5959 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ... | CVSS2: 9.3 | 12% Средний | почти 18 лет назад |
| CVE-2007-5960 Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. | CVSS2: 4.3 | 1% Низкий | почти 18 лет назад |
Уязвимостей на страницу