Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2009-1841

больше 16 лет назад

js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.

CVSS2: 9.3

EPSS: Низкий

CVE-2009-1841

больше 16 лет назад

js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3 ...

CVSS2: 9.3

EPSS: Низкий

CVE-2009-1840

больше 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.

CVSS2: 9.3

EPSS: Низкий

CVE-2009-1840

больше 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...

CVSS2: 9.3

EPSS: Низкий

CVE-2009-1839

больше 16 лет назад

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.

CVSS2: 5.4

EPSS: Средний

CVE-2009-1839

больше 16 лет назад

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...

CVSS2: 5.4

EPSS: Средний

CVE-2009-1838

больше 16 лет назад

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

CVSS2: 9.3

EPSS: Низкий

CVE-2009-1838

больше 16 лет назад

The garbage-collection implementation in Mozilla Firefox before 3.0.11 ...

CVSS2: 9.3

EPSS: Низкий

CVE-2009-1837

больше 16 лет назад

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

CVSS3: 7.5

EPSS: Низкий

CVE-2009-1837

больше 16 лет назад

Race condition in the NPObjWrapper_NewResolve function in modules/plug ...

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2009-1841 js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.	CVSS2: 9.3	4% Низкий	больше 16 лет назад
CVE-2009-1841 js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3 ...	CVSS2: 9.3	4% Низкий	больше 16 лет назад
CVE-2009-1840 Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.	CVSS2: 9.3	1% Низкий	больше 16 лет назад
CVE-2009-1840 Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...	CVSS2: 9.3	1% Низкий	больше 16 лет назад
CVE-2009-1839 Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.	CVSS2: 5.4	15% Средний	больше 16 лет назад
CVE-2009-1839 Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...	CVSS2: 5.4	15% Средний	больше 16 лет назад
CVE-2009-1838 The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.	CVSS2: 9.3	5% Низкий	больше 16 лет назад
CVE-2009-1838 The garbage-collection implementation in Mozilla Firefox before 3.0.11 ...	CVSS2: 9.3	5% Низкий	больше 16 лет назад
CVE-2009-1837 Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.	CVSS3: 7.5	2% Низкий	больше 16 лет назад
CVE-2009-1837 Race condition in the NPObjWrapper_NewResolve function in modules/plug ...	CVSS3: 7.5	2% Низкий	больше 16 лет назад

Уязвимостей на страницу