Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 151

CVE-2008-2799

больше 17 лет назад

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...

CVSS2: 10

EPSS: Низкий

CVE-2008-2806

больше 17 лет назад

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS ...

CVSS2: 7.5

EPSS: Низкий

CVE-2008-2801

больше 17 лет назад

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...

CVSS2: 7.5

EPSS: Низкий

CVE-2008-2811

больше 17 лет назад

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.

CVSS2: 10

EPSS: Средний

CVE-2008-2802

больше 17 лет назад

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

CVSS2: 7.5

EPSS: Низкий

CVE-2008-2803

больше 17 лет назад

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

CVSS2: 6.8

EPSS: Низкий

CVE-2008-2798

больше 17 лет назад

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.

CVSS2: 10

EPSS: Низкий

CVE-2008-2801

больше 17 лет назад

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

CVSS2: 7.5

EPSS: Низкий

CVE-2008-2806

больше 17 лет назад

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

CVSS2: 7.5

EPSS: Низкий

CVE-2008-2799

больше 17 лет назад

CVSS2: 10

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2008-2799 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...	CVSS2: 10	8% Низкий	больше 17 лет назад
CVE-2008-2806 Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS ...	CVSS2: 7.5	1% Низкий	больше 17 лет назад
CVE-2008-2801 Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...	CVSS2: 7.5	4% Низкий	больше 17 лет назад
CVE-2008-2811 The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.	CVSS2: 10	27% Средний	больше 17 лет назад
CVE-2008-2802 Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."	CVSS2: 7.5	7% Низкий	больше 17 лет назад
CVE-2008-2803 The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.	CVSS2: 6.8	6% Низкий	больше 17 лет назад
CVE-2008-2798 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.	CVSS2: 10	9% Низкий	больше 17 лет назад
CVE-2008-2801 Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.	CVSS2: 7.5	4% Низкий	больше 17 лет назад
CVE-2008-2806 Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.	CVSS2: 7.5	1% Низкий	больше 17 лет назад
CVE-2008-2799 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.	CVSS2: 10	8% Низкий	больше 17 лет назад

Уязвимостей на страницу