Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
CVE-2009-2065
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2009-2065
Mozilla Firefox 3.0.10, and possibly other versions, detects http cont ...
CVE-2009-2061
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
CVE-2009-2061
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response be ...
CVE-2009-2061
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
CVE-2009-2065
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2009-2044
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.
CVE-2009-2044
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...
CVE-2009-2043
nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE.
CVE-2009-2043
nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remot ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2009-2065 Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | CVSS2: 6.8 | 0% Низкий | больше 16 лет назад |
| CVE-2009-2065 Mozilla Firefox 3.0.10, and possibly other versions, detects http cont ... | CVSS2: 6.8 | 0% Низкий | больше 16 лет назад |
| CVE-2009-2061 Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | CVSS2: 9.3 | 0% Низкий | больше 16 лет назад |
| CVE-2009-2061 Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response be ... | CVSS2: 9.3 | 0% Низкий | больше 16 лет назад |
 | CVE-2009-2061 Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | CVSS2: 9.3 | 0% Низкий | больше 16 лет назад |
| CVE-2009-2065 Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | CVSS2: 6.8 | 0% Низкий | больше 16 лет назад |
| CVE-2009-2044 Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element. | CVSS2: 4.3 | 6% Низкий | больше 16 лет назад |
| CVE-2009-2044 Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ... | CVSS2: 4.3 | 6% Низкий | больше 16 лет назад |
| CVE-2009-2043 nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE. | CVSS2: 4.3 | 4% Низкий | больше 16 лет назад |
| CVE-2009-2043 nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remot ... | CVSS2: 4.3 | 4% Низкий | больше 16 лет назад |
Уязвимостей на страницу