Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2009-1836

больше 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CVSS2: 6.8

EPSS: Низкий

CVE-2009-1836

больше 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...

CVSS2: 6.8

EPSS: Низкий

CVE-2009-1835

больше 16 лет назад

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1835

больше 16 лет назад

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate lo ...

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1834

больше 16 лет назад

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.

CVSS2: 4.3

EPSS: Средний

CVE-2009-1834

больше 16 лет назад

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...

CVSS2: 4.3

EPSS: Средний

CVE-2009-1833

больше 16 лет назад

The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.

CVSS2: 9.3

EPSS: Средний

CVE-2009-1833

больше 16 лет назад

The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird be ...

CVSS2: 9.3

EPSS: Средний

CVE-2009-1832

больше 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."

CVSS2: 9.3

EPSS: Средний

CVE-2009-1832

больше 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...

CVSS2: 9.3

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2009-1836 Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.	CVSS2: 6.8	2% Низкий	больше 16 лет назад
CVE-2009-1836 Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...	CVSS2: 6.8	2% Низкий	больше 16 лет назад
CVE-2009-1835 Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.	CVSS2: 4.3	2% Низкий	больше 16 лет назад
CVE-2009-1835 Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate lo ...	CVSS2: 4.3	2% Низкий	больше 16 лет назад
CVE-2009-1834 Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.	CVSS2: 4.3	11% Средний	больше 16 лет назад
CVE-2009-1834 Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...	CVSS2: 4.3	11% Средний	больше 16 лет назад
CVE-2009-1833 The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.	CVSS2: 9.3	10% Средний	больше 16 лет назад
CVE-2009-1833 The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird be ...	CVSS2: 9.3	10% Средний	больше 16 лет назад
CVE-2009-1832 Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."	CVSS2: 9.3	10% Средний	больше 16 лет назад
CVE-2009-1832 Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...	CVSS2: 9.3	10% Средний	больше 16 лет назад

Уязвимостей на страницу