Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2008-5016

около 17 лет назад

The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.

CVSS2: 5

EPSS: Средний

CVE-2008-5016

около 17 лет назад

The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...

CVSS2: 5

EPSS: Средний

CVE-2008-5015

около 17 лет назад

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.

CVSS2: 5.1

EPSS: Низкий

CVE-2008-5015

около 17 лет назад

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: ...

CVSS2: 5.1

EPSS: Низкий

CVE-2008-5014

около 17 лет назад

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.

CVSS2: 10

EPSS: Средний

CVE-2008-5014

около 17 лет назад

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0 ...

CVSS2: 10

EPSS: Средний

CVE-2008-5013

около 17 лет назад

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.

CVSS2: 9.3

EPSS: Средний

CVE-2008-5013

около 17 лет назад

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...

CVSS2: 9.3

EPSS: Средний

CVE-2008-5012

около 17 лет назад

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.

CVSS2: 5

EPSS: Низкий

CVE-2008-5012

около 17 лет назад

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, ...

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2008-5016 The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.	CVSS2: 5	21% Средний	около 17 лет назад
CVE-2008-5016 The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...	CVSS2: 5	21% Средний	около 17 лет назад
CVE-2008-5015 Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.	CVSS2: 5.1	6% Низкий	около 17 лет назад
CVE-2008-5015 Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: ...	CVSS2: 5.1	6% Низкий	около 17 лет назад
CVE-2008-5014 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.	CVSS2: 10	25% Средний	около 17 лет назад
CVE-2008-5014 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0 ...	CVSS2: 10	25% Средний	около 17 лет назад
CVE-2008-5013 Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.	CVSS2: 9.3	24% Средний	около 17 лет назад
CVE-2008-5013 Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...	CVSS2: 9.3	24% Средний	около 17 лет назад
CVE-2008-5012 Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.	CVSS2: 5	6% Низкий	около 17 лет назад
CVE-2008-5012 Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, ...	CVSS2: 5	6% Низкий	около 17 лет назад

Уязвимостей на страницу