Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 14 782
CVE-2005-0231
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
CVE-2005-0231
Firefox 1.0 does not invoke the Javascript Security Manager when a use ...
CVE-2005-0231
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
CVE-2005-0231
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
CVE-2005-0233
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2005-0232
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."
CVE-2005-0145
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
CVE-2005-0145
Firefox before 1.0 does not properly distinguish between user-generate ...
CVE-2005-0145
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
CVE-2005-0144
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2005-0231 Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing." | CVSS2: 2.6 | 3% Низкий | больше 20 лет назад |
| CVE-2005-0231 Firefox 1.0 does not invoke the Javascript Security Manager when a use ... | CVSS2: 2.6 | 3% Низкий | больше 20 лет назад |
 | CVE-2005-0231 Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing." | CVSS2: 2.6 | 3% Низкий | больше 20 лет назад |
 | CVE-2005-0231 Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing." | 3% Низкий | больше 20 лет назад | |
| CVE-2005-0233 The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 9% Низкий | больше 20 лет назад | |
| CVE-2005-0232 Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing." | 1% Низкий | больше 20 лет назад | |
| CVE-2005-0145 Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. | CVSS2: 2.6 | 1% Низкий | больше 20 лет назад |
| CVE-2005-0145 Firefox before 1.0 does not properly distinguish between user-generate ... | CVSS2: 2.6 | 1% Низкий | больше 20 лет назад |
| CVE-2005-0145 Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. | CVSS2: 2.6 | 1% Низкий | больше 20 лет назад |
| CVE-2005-0144 Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. | 1% Низкий | больше 20 лет назад |
Уязвимостей на страницу