Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2008-5504

около 17 лет назад

Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.

EPSS: Низкий

CVE-2008-5505

около 17 лет назад

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.

EPSS: Низкий

CVE-2008-5511

около 17 лет назад

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

EPSS: Низкий

CVE-2008-7293

около 17 лет назад

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

CVSS2: 4

EPSS: Низкий

CVE-2008-5052

около 17 лет назад

The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.

CVSS2: 10

EPSS: Средний

CVE-2008-5052

около 17 лет назад

The AppendAttributeValue function in the JavaScript engine in Mozilla ...

CVSS2: 10

EPSS: Средний

CVE-2008-5024

около 17 лет назад

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

CVSS2: 7.5

EPSS: Низкий

CVE-2008-5024

около 17 лет назад

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunder ...

CVSS2: 7.5

EPSS: Низкий

CVE-2008-5023

около 17 лет назад

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

CVSS2: 7.5

EPSS: Средний

CVE-2008-5023

около 17 лет назад

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1 ...

CVSS2: 7.5

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2008-5504 Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.		4% Низкий	около 17 лет назад
CVE-2008-5505 Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.		1% Низкий	около 17 лет назад
CVE-2008-5511 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."		2% Низкий	около 17 лет назад
CVE-2008-7293 Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.	CVSS2: 4	1% Низкий	около 17 лет назад
CVE-2008-5052 The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.	CVSS2: 10	23% Средний	около 17 лет назад
CVE-2008-5052 The AppendAttributeValue function in the JavaScript engine in Mozilla ...	CVSS2: 10	23% Средний	около 17 лет назад
CVE-2008-5024 Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.	CVSS2: 7.5	7% Низкий	около 17 лет назад
CVE-2008-5024 Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunder ...	CVSS2: 7.5	7% Низкий	около 17 лет назад
CVE-2008-5023 Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.	CVSS2: 7.5	18% Средний	около 17 лет назад
CVE-2008-5023 Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1 ...	CVSS2: 7.5	18% Средний	около 17 лет назад

Уязвимостей на страницу