Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 151

CVE-2006-6503

почти 19 лет назад

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...

CVSS2: 6.8

EPSS: Средний

CVE-2006-6499

почти 19 лет назад

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ...

CVSS2: 4.3

EPSS: Средний

CVE-2006-6497

почти 19 лет назад

Multiple unspecified vulnerabilities in the layout engine for Mozilla ...

CVSS2: 6.8

EPSS: Средний

CVE-2006-6500

почти 19 лет назад

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.

CVSS2: 6.8

EPSS: Средний

CVE-2006-6503

почти 19 лет назад

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

CVSS2: 6.8

EPSS: Средний

CVE-2006-6497

почти 19 лет назад

Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.

CVSS2: 6.8

EPSS: Средний

CVE-2006-6504

почти 19 лет назад

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

CVSS2: 9.3

EPSS: Средний

CVE-2006-6499

почти 19 лет назад

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

CVSS2: 4.3

EPSS: Средний

CVE-2006-6498

почти 19 лет назад

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.

CVSS2: 6.8

EPSS: Средний

CVE-2006-6507

почти 19 лет назад

Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2006-6503 Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...	CVSS2: 6.8	10% Средний	почти 19 лет назад
CVE-2006-6499 The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ...	CVSS2: 4.3	14% Средний	почти 19 лет назад
CVE-2006-6497 Multiple unspecified vulnerabilities in the layout engine for Mozilla ...	CVSS2: 6.8	11% Средний	почти 19 лет назад
CVE-2006-6500 Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.	CVSS2: 6.8	38% Средний	почти 19 лет назад
CVE-2006-6503 Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.	CVSS2: 6.8	10% Средний	почти 19 лет назад
CVE-2006-6497 Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.	CVSS2: 6.8	11% Средний	почти 19 лет назад
CVE-2006-6504 Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.	CVSS2: 9.3	42% Средний	почти 19 лет назад
CVE-2006-6499 The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.	CVSS2: 4.3	14% Средний	почти 19 лет назад
CVE-2006-6498 Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.	CVSS2: 6.8	11% Средний	почти 19 лет назад
CVE-2006-6507 Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.	CVSS2: 4.3	4% Низкий	почти 19 лет назад

Уязвимостей на страницу