Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2008-0417

около 18 лет назад

CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.

CVSS2: 4.3

EPSS: Низкий

CVE-2008-0418

около 18 лет назад

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

CVSS2: 4.3

EPSS: Средний

CVE-2008-0415

около 18 лет назад

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."

CVSS2: 4.3

EPSS: Низкий

CVE-2008-0419

около 18 лет назад

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.

CVSS2: 9.3

EPSS: Средний

CVE-2008-0412

около 18 лет назад

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

CVSS2: 9.3

EPSS: Низкий

CVE-2008-0417

около 18 лет назад

CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...

CVSS2: 4.3

EPSS: Низкий

CVE-2008-0418

около 18 лет назад

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, ...

CVSS2: 4.3

EPSS: Средний

CVE-2008-0415

около 18 лет назад

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaM ...

CVSS2: 4.3

EPSS: Низкий

CVE-2008-0413

около 18 лет назад

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...

CVSS2: 9.3

EPSS: Низкий

CVE-2008-0419

около 18 лет назад

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remo ...

CVSS2: 9.3

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2008-0417 CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.	CVSS2: 4.3	2% Низкий	около 18 лет назад
CVE-2008-0418 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.	CVSS2: 4.3	39% Средний	около 18 лет назад
CVE-2008-0415 Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."	CVSS2: 4.3	1% Низкий	около 18 лет назад
CVE-2008-0419 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.	CVSS2: 9.3	19% Средний	около 18 лет назад
CVE-2008-0412 The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.	CVSS2: 9.3	9% Низкий	около 18 лет назад
CVE-2008-0417 CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...	CVSS2: 4.3	2% Низкий	около 18 лет назад
CVE-2008-0418 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, ...	CVSS2: 4.3	39% Средний	около 18 лет назад
CVE-2008-0415 Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaM ...	CVSS2: 4.3	1% Низкий	около 18 лет назад
CVE-2008-0413 The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...	CVSS2: 9.3	6% Низкий	около 18 лет назад
CVE-2008-0419 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remo ...	CVSS2: 9.3	19% Средний	около 18 лет назад

Уязвимостей на страницу