Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614720232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 15 501

redhat логотип

CVE-2009-1311

почти 17 лет назад

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.

CVSS2: 4.3
EPSS: Низкий
redhat логотип

CVE-2009-1305

почти 17 лет назад

The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.

CVSS2: 6.8
EPSS: Низкий
redhat логотип

CVE-2009-1307

почти 17 лет назад

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

CVSS2: 5.8
EPSS: Низкий
redhat логотип

CVE-2009-1310

почти 17 лет назад

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2009-1232

почти 17 лет назад

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CVSS2: 4.3
EPSS: Средний
debian логотип

CVE-2009-1232

почти 17 лет назад

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attacke ...

CVSS2: 4.3
EPSS: Средний
ubuntu логотип

CVE-2009-1232

почти 17 лет назад

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CVSS2: 4.3
EPSS: Средний
nvd логотип

CVE-2009-1169

почти 17 лет назад

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

CVSS2: 9.3
EPSS: Средний
debian логотип

CVE-2009-1169

почти 17 лет назад

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...

CVSS2: 9.3
EPSS: Средний
ubuntu логотип

CVE-2009-1169

почти 17 лет назад

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

CVSS2: 9.3
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
redhat логотип
CVE-2009-1311

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.

CVSS2: 4.3
1%
Низкий
почти 17 лет назад
redhat логотип
CVE-2009-1305

The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.

CVSS2: 6.8
5%
Низкий
почти 17 лет назад
redhat логотип
CVE-2009-1307

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

CVSS2: 5.8
1%
Низкий
почти 17 лет назад
redhat логотип
CVE-2009-1310

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

CVSS2: 2.6
1%
Низкий
почти 17 лет назад
nvd логотип
CVE-2009-1232

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CVSS2: 4.3
17%
Средний
почти 17 лет назад
debian логотип
CVE-2009-1232

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attacke ...

CVSS2: 4.3
17%
Средний
почти 17 лет назад
ubuntu логотип
CVE-2009-1232

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CVSS2: 4.3
17%
Средний
почти 17 лет назад
nvd логотип
CVE-2009-1169

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

CVSS2: 9.3
36%
Средний
почти 17 лет назад
debian логотип
CVE-2009-1169

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...

CVSS2: 9.3
36%
Средний
почти 17 лет назад
ubuntu логотип
CVE-2009-1169

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

CVSS2: 9.3
36%
Средний
почти 17 лет назад

Уязвимостей на страницу


Поделиться