Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
CVE-2009-2479
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
CVE-2009-2479
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attacke ...
CVE-2009-2478
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."
CVE-2009-2478
Mozilla Firefox 3.5 allows remote attackers to cause a denial of servi ...
CVE-2009-2478
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."
CVE-2009-2479
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
CVE-2009-2477
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
CVE-2009-2477
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...
CVE-2009-2477
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
CVE-2009-2535
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2009-2479 Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox. | CVSS2: 7.8 | 11% Средний | больше 16 лет назад |
| CVE-2009-2479 Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attacke ... | CVSS2: 7.8 | 11% Средний | больше 16 лет назад |
| CVE-2009-2478 Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug." | CVSS2: 5 | 4% Низкий | больше 16 лет назад |
| CVE-2009-2478 Mozilla Firefox 3.5 allows remote attackers to cause a denial of servi ... | CVSS2: 5 | 4% Низкий | больше 16 лет назад |
 | CVE-2009-2478 Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug." | CVSS2: 5 | 4% Низкий | больше 16 лет назад |
| CVE-2009-2479 Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox. | CVSS2: 7.8 | 11% Средний | больше 16 лет назад |
| CVE-2009-2477 js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements. | CVSS2: 9.3 | 83% Высокий | больше 16 лет назад |
| CVE-2009-2477 js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ... | CVSS2: 9.3 | 83% Высокий | больше 16 лет назад |
| CVE-2009-2477 js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements. | CVSS2: 9.3 | 83% Высокий | больше 16 лет назад |
 | CVE-2009-2535 Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | CVSS2: 4.3 | 8% Низкий | больше 16 лет назад |
Уязвимостей на страницу