Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2009-1307

почти 17 лет назад

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

CVSS2: 6.8

EPSS: Низкий

CVE-2009-1307

почти 17 лет назад

The view-source: URI implementation in Mozilla Firefox before 3.0.9, T ...

CVSS2: 6.8

EPSS: Низкий

CVE-2009-1306

почти 17 лет назад

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1306

почти 17 лет назад

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbi ...

CVSS2: 4.3

EPSS: Низкий

CVE-2009-1305

почти 17 лет назад

The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.

CVSS2: 5

EPSS: Низкий

CVE-2009-1305

почти 17 лет назад

The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird bef ...

CVSS2: 5

EPSS: Низкий

CVE-2009-1304

почти 17 лет назад

The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.

CVSS2: 5

EPSS: Низкий

CVE-2009-1304

почти 17 лет назад

The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...

CVSS2: 5

EPSS: Низкий

CVE-2009-1303

почти 17 лет назад

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

CVSS2: 5

EPSS: Низкий

CVE-2009-1303

почти 17 лет назад

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2009-1307 The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.	CVSS2: 6.8	1% Низкий	почти 17 лет назад
CVE-2009-1307 The view-source: URI implementation in Mozilla Firefox before 3.0.9, T ...	CVSS2: 6.8	1% Низкий	почти 17 лет назад
CVE-2009-1306 The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.	CVSS2: 4.3	2% Низкий	почти 17 лет назад
CVE-2009-1306 The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbi ...	CVSS2: 4.3	2% Низкий	почти 17 лет назад
CVE-2009-1305 The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.	CVSS2: 5	5% Низкий	почти 17 лет назад
CVE-2009-1305 The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird bef ...	CVSS2: 5	5% Низкий	почти 17 лет назад
CVE-2009-1304 The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.	CVSS2: 5	7% Низкий	почти 17 лет назад
CVE-2009-1304 The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...	CVSS2: 5	7% Низкий	почти 17 лет назад
CVE-2009-1303 The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.	CVSS2: 5	3% Низкий	почти 17 лет назад
CVE-2009-1303 The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...	CVSS2: 5	3% Низкий	почти 17 лет назад

Уязвимостей на страницу