Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014120232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 14 782

redhat логотип

CVE-2006-0292

больше 19 лет назад

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

EPSS: Средний
redhat логотип

CVE-2006-0296

больше 19 лет назад

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

EPSS: Средний
nvd логотип

CVE-2006-0496

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

CVSS2: 4.3
EPSS: Средний
debian логотип

CVE-2006-0496

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibl ...

CVSS2: 4.3
EPSS: Средний
ubuntu логотип

CVE-2006-0496

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

CVSS2: 4.3
EPSS: Средний
nvd логотип

CVE-2005-4685

больше 19 лет назад

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2005-4809

больше 19 лет назад

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.

CVSS2: 5
EPSS: Средний
nvd логотип

CVE-2005-4720

больше 19 лет назад

Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.

CVSS2: 5
EPSS: Средний
debian логотип

CVE-2005-4685

больше 19 лет назад

Firefox and Mozilla can associate a cookie with multiple domains when ...

CVSS2: 6.4
EPSS: Низкий
debian логотип

CVE-2005-4809

больше 19 лет назад

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla a ...

CVSS2: 5
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
redhat логотип
CVE-2006-0292

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

10%
Средний
больше 19 лет назад
redhat логотип
CVE-2006-0296

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

41%
Средний
больше 19 лет назад
nvd логотип
CVE-2006-0496

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

CVSS2: 4.3
11%
Средний
больше 19 лет назад
debian логотип
CVE-2006-0496

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibl ...

CVSS2: 4.3
11%
Средний
больше 19 лет назад
ubuntu логотип
CVE-2006-0496

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

CVSS2: 4.3
11%
Средний
больше 19 лет назад
nvd логотип
CVE-2005-4685

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

CVSS2: 6.4
0%
Низкий
больше 19 лет назад
nvd логотип
CVE-2005-4809

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.

CVSS2: 5
10%
Средний
больше 19 лет назад
nvd логотип
CVE-2005-4720

Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.

CVSS2: 5
13%
Средний
больше 19 лет назад
debian логотип
CVE-2005-4685

Firefox and Mozilla can associate a cookie with multiple domains when ...

CVSS2: 6.4
0%
Низкий
больше 19 лет назад
debian логотип
CVE-2005-4809

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla a ...

CVSS2: 5
10%
Средний
больше 19 лет назад

Уязвимостей на страницу


Поделиться