Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
CVE-2008-0417
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
CVE-2008-0418
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
CVE-2008-0415
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."
CVE-2008-0419
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
CVE-2008-0412
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.
CVE-2008-0417
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...
CVE-2008-0418
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, ...
CVE-2008-0415
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaM ...
CVE-2008-0413
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...
CVE-2008-0419
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remo ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
CVE-2008-0417 CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | CVSS2: 4.3 | 2% Низкий | около 18 лет назад | |
CVE-2008-0418 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. | CVSS2: 4.3 | 39% Средний | около 18 лет назад | |
CVE-2008-0415 Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." | CVSS2: 4.3 | 1% Низкий | около 18 лет назад | |
CVE-2008-0419 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. | CVSS2: 9.3 | 19% Средний | около 18 лет назад | |
CVE-2008-0412 The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors. | CVSS2: 9.3 | 9% Низкий | около 18 лет назад | |
CVE-2008-0417 CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ... | CVSS2: 4.3 | 2% Низкий | около 18 лет назад | |
CVE-2008-0418 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, ... | CVSS2: 4.3 | 39% Средний | около 18 лет назад | |
CVE-2008-0415 Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaM ... | CVSS2: 4.3 | 1% Низкий | около 18 лет назад | |
CVE-2008-0413 The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ... | CVSS2: 9.3 | 6% Низкий | около 18 лет назад | |
CVE-2008-0419 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remo ... | CVSS2: 9.3 | 19% Средний | около 18 лет назад |
Уязвимостей на страницу