Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614720232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 15 501

redhat логотип

CVE-2009-1304

почти 17 лет назад

The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.

CVSS2: 6.8
EPSS: Низкий
redhat логотип

CVE-2009-1312

почти 17 лет назад

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.

CVSS2: 4.3
EPSS: Низкий
redhat логотип

CVE-2009-1303

почти 17 лет назад

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

CVSS2: 6.8
EPSS: Низкий
redhat логотип

CVE-2009-1306

почти 17 лет назад

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2009-1232

почти 17 лет назад

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CVSS2: 4.3
EPSS: Средний
debian логотип

CVE-2009-1232

почти 17 лет назад

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attacke ...

CVSS2: 4.3
EPSS: Средний
ubuntu логотип

CVE-2009-1232

почти 17 лет назад

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CVSS2: 4.3
EPSS: Средний
nvd логотип

CVE-2009-1169

почти 17 лет назад

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

CVSS2: 9.3
EPSS: Средний
debian логотип

CVE-2009-1169

почти 17 лет назад

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...

CVSS2: 9.3
EPSS: Средний
ubuntu логотип

CVE-2009-1169

почти 17 лет назад

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

CVSS2: 9.3
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
redhat логотип
CVE-2009-1304

The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.

CVSS2: 6.8
7%
Низкий
почти 17 лет назад
redhat логотип
CVE-2009-1312

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.

CVSS2: 4.3
6%
Низкий
почти 17 лет назад
redhat логотип
CVE-2009-1303

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

CVSS2: 6.8
3%
Низкий
почти 17 лет назад
redhat логотип
CVE-2009-1306

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.

CVSS2: 4.3
2%
Низкий
почти 17 лет назад
nvd логотип
CVE-2009-1232

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CVSS2: 4.3
17%
Средний
почти 17 лет назад
debian логотип
CVE-2009-1232

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attacke ...

CVSS2: 4.3
17%
Средний
почти 17 лет назад
ubuntu логотип
CVE-2009-1232

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

CVSS2: 4.3
17%
Средний
почти 17 лет назад
nvd логотип
CVE-2009-1169

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

CVSS2: 9.3
36%
Средний
почти 17 лет назад
debian логотип
CVE-2009-1169

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...

CVSS2: 9.3
36%
Средний
почти 17 лет назад
ubuntu логотип
CVE-2009-1169

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

CVSS2: 9.3
36%
Средний
почти 17 лет назад

Уязвимостей на страницу


Поделиться