Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 151
CVE-2008-3444
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows r ...
CVE-2008-3444
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags."
CVE-2007-3845
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
CVE-2008-2934
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
CVE-2008-2934
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ...
CVE-2008-2934
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
CVE-2008-2933
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
CVE-2008-3198
Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933.
CVE-2008-3198
Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arb ...
CVE-2008-2933
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2008-3444 The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows r ... | CVSS2: 4.3 | 1% Низкий | больше 17 лет назад |
 | CVE-2008-3444 The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags." | CVSS2: 4.3 | 1% Низкий | больше 17 лет назад |
 | CVE-2007-3845 Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." | CVSS3: 8.8 | 43% Средний | больше 17 лет назад |
 | CVE-2008-2934 Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. | CVSS3: 8.8 | 6% Низкий | больше 17 лет назад |
| CVE-2008-2934 Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ... | CVSS3: 8.8 | 6% Низкий | больше 17 лет назад |
| CVE-2008-2934 Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. | CVSS3: 8.8 | 6% Низкий | больше 17 лет назад |
| CVE-2008-2933 Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. | CVSS2: 2.6 | 7% Низкий | больше 17 лет назад |
| CVE-2008-3198 Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933. | CVSS2: 7.5 | 1% Низкий | больше 17 лет назад |
| CVE-2008-3198 Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arb ... | CVSS2: 7.5 | 1% Низкий | больше 17 лет назад |
| CVE-2008-2933 Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' ... | CVSS2: 2.6 | 7% Низкий | больше 17 лет назад |
Уязвимостей на страницу