Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 14 600

CVE-2005-0146

около 20 лет назад

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.

CVSS2: 5

EPSS: Низкий

CVE-2005-0578

около 20 лет назад

Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.

CVSS2: 2.1

EPSS: Низкий

CVE-2005-1159

около 20 лет назад

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

CVSS2: 7.5

EPSS: Низкий

CVE-2005-0586

около 20 лет назад

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.

CVSS2: 2.6

EPSS: Низкий

CVE-2005-1156

около 20 лет назад

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."

CVSS2: 7.5

EPSS: Низкий

CVE-2005-1160

около 20 лет назад

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.

CVSS2: 5.1

EPSS: Низкий

CVE-2005-0401

около 20 лет назад

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."

CVSS2: 5.1

EPSS: Низкий

CVE-2005-0527

около 20 лет назад

Firefox 1.0 allows remote attackers to execute arbitrary code via plug ...

CVSS2: 5.1

EPSS: Низкий

CVE-2005-0590

около 20 лет назад

The installation confirmation dialog in Firefox before 1.0.1, Thunderb ...

CVSS2: 5

EPSS: Низкий

CVE-2005-0146

около 20 лет назад

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2005-0146 Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.	CVSS2: 5	1% Низкий	около 20 лет назад
CVE-2005-0578 Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.	CVSS2: 2.1	0% Низкий	около 20 лет назад
CVE-2005-1159 The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.	CVSS2: 7.5	4% Низкий	около 20 лет назад
CVE-2005-0586 Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.	CVSS2: 2.6	1% Низкий	около 20 лет назад
CVE-2005-1156 Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."	CVSS2: 7.5	7% Низкий	около 20 лет назад
CVE-2005-1160 The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.	CVSS2: 5.1	4% Низкий	около 20 лет назад
CVE-2005-0401 FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."	CVSS2: 5.1	4% Низкий	около 20 лет назад
CVE-2005-0527 Firefox 1.0 allows remote attackers to execute arbitrary code via plug ...	CVSS2: 5.1	3% Низкий	около 20 лет назад
CVE-2005-0590 The installation confirmation dialog in Firefox before 1.0.1, Thunderb ...	CVSS2: 5	2% Низкий	около 20 лет назад
CVE-2005-0146 Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...	CVSS2: 5	1% Низкий	около 20 лет назад

Уязвимостей на страницу