Mozilla Firefox

Mozilla Firefox is a free browser built on the Gecko engine

Release cycle, vulnerability information

Product: Mozilla Firefox
Vendor: mozilla

Release schedule

[Chart: release timeline for Firefox versions 115 to 142, years 2023 to 2027]

Recent Mozilla Firefox vulnerabilities

Count: 14,857

| Vulnerability (source) | Description | CVSS | EPSS | Published |
| --- | --- | --- | --- | --- |
| CVE-2006-6971 (debian) | Mozilla Firefox 2.0, possibly only when running on Windows, allows rem ... | CVSS2: 5 | 0% (Low) | more than 18 years ago |
| CVE-2007-0802 (debian) | Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ... | CVSS2: 6.4 | 1% (Low) | more than 18 years ago |
| CVE-2007-0800 (debian) | Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ... | CVSS2: 4.3 | 4% (Low) | more than 18 years ago |
| CVE-2007-0800 (ubuntu) | Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. | CVSS2: 4.3 | 4% (Low) | more than 18 years ago |
| CVE-2007-0801 (ubuntu) | The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest. | CVSS2: 4.3 | 1% (Low) | more than 18 years ago |
| CVE-2007-0802 (ubuntu) | Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | CVSS2: 6.4 | 1% (Low) | more than 18 years ago |
| CVE-2007-0009 (redhat) | Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. | | 49% (Medium) | more than 18 years ago |
| CVE-2007-0008 (redhat) | Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. | | 17% (Medium) | more than 18 years ago |
| CVE-2007-6715 (redhat) | Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case. | | 1% (Low) | more than 18 years ago |
| CVE-2006-6504 (nvd) | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption. | CVSS2: 9.3 | 42% (Medium) | more than 18 years ago |
