Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 14 782
CVE-2005-0588
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:in ...
CVE-2005-0146
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...
CVE-2005-0527
Firefox 1.0 allows remote attackers to execute arbitrary code via plug ...
CVE-2005-0255
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbi ...
CVE-2005-0590
The installation confirmation dialog in Firefox before 1.0.1, Thunderb ...
CVE-2005-0142
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozill ...
CVE-2005-0144
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lo ...
CVE-2005-1159
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
CVE-2005-0588
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
CVE-2005-0142
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2005-0588 Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:in ... | CVSS2: 5 | 1% Низкий | больше 20 лет назад |
| CVE-2005-0146 Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ... | CVSS2: 5 | 1% Низкий | больше 20 лет назад |
| CVE-2005-0527 Firefox 1.0 allows remote attackers to execute arbitrary code via plug ... | CVSS2: 5.1 | 3% Низкий | больше 20 лет назад |
| CVE-2005-0255 String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbi ... | CVSS2: 5 | 8% Низкий | больше 20 лет назад |
| CVE-2005-0590 The installation confirmation dialog in Firefox before 1.0.1, Thunderb ... | CVSS2: 5 | 2% Низкий | больше 20 лет назад |
| CVE-2005-0142 Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozill ... | CVSS2: 2.1 | 0% Низкий | больше 20 лет назад |
| CVE-2005-0144 Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lo ... | CVSS2: 2.6 | 1% Низкий | больше 20 лет назад |
 | CVE-2005-1159 The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type. | CVSS2: 7.5 | 4% Низкий | больше 20 лет назад |
| CVE-2005-0588 Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system. | CVSS2: 5 | 1% Низкий | больше 20 лет назад |
| CVE-2005-0142 Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. | CVSS2: 2.1 | 0% Низкий | больше 20 лет назад |
Уязвимостей на страницу