Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 151

CVE-2008-0415

почти 18 лет назад

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."

CVSS2: 4.3

EPSS: Низкий

CVE-2008-0413

почти 18 лет назад

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.

CVSS2: 9.3

EPSS: Низкий

CVE-2008-0412

почти 18 лет назад

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

CVSS2: 9.3

EPSS: Низкий

CVE-2008-0419

почти 18 лет назад

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.

CVSS2: 9.3

EPSS: Средний

CVE-2008-0414

почти 18 лет назад

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."

CVSS2: 4.3

EPSS: Низкий

CVE-2008-0417

почти 18 лет назад

CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...

CVSS2: 4.3

EPSS: Низкий

CVE-2008-0414

почти 18 лет назад

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user ...

CVSS2: 4.3

EPSS: Низкий

CVE-2008-0413

почти 18 лет назад

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...

CVSS2: 9.3

EPSS: Низкий

CVE-2008-0415

почти 18 лет назад

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaM ...

CVSS2: 4.3

EPSS: Низкий

CVE-2008-0419

почти 18 лет назад

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remo ...

CVSS2: 9.3

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2008-0415 Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."	CVSS2: 4.3	1% Низкий	почти 18 лет назад
CVE-2008-0413 The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.	CVSS2: 9.3	6% Низкий	почти 18 лет назад
CVE-2008-0412 The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.	CVSS2: 9.3	9% Низкий	почти 18 лет назад
CVE-2008-0419 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.	CVSS2: 9.3	19% Средний	почти 18 лет назад
CVE-2008-0414 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."	CVSS2: 4.3	2% Низкий	почти 18 лет назад
CVE-2008-0417 CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...	CVSS2: 4.3	2% Низкий	почти 18 лет назад
CVE-2008-0414 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user ...	CVSS2: 4.3	2% Низкий	почти 18 лет назад
CVE-2008-0413 The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...	CVSS2: 9.3	6% Низкий	почти 18 лет назад
CVE-2008-0415 Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaM ...	CVSS2: 4.3	1% Низкий	почти 18 лет назад
CVE-2008-0419 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remo ...	CVSS2: 9.3	19% Средний	почти 18 лет назад

Уязвимостей на страницу