Mozilla Firefox — свободный браузер на движке Gecko
Релизный цикл, информация об уязвимостях
График релизов
Количество 15 501
CVE-2007-1092
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ...
CVE-2007-1095
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not prope ...
CVE-2007-1092
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.
CVE-2007-1095
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
CVE-2007-1084
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.
CVE-2007-1084
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ...
CVE-2007-1084
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.
CVE-2007-1092
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.
CVE-2007-0800
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
CVE-2007-0780
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2007-1092 Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ... | CVSS2: 9.3 | 29% Средний | почти 19 лет назад |
| CVE-2007-1095 Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not prope ... | CVSS2: 6.8 | 4% Низкий | почти 19 лет назад |
 | CVE-2007-1092 Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. | CVSS2: 9.3 | 29% Средний | почти 19 лет назад |
| CVE-2007-1095 Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | CVSS2: 6.8 | 4% Низкий | почти 19 лет назад |
 | CVE-2007-1084 Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. | CVSS2: 6.8 | 1% Низкий | почти 19 лет назад |
| CVE-2007-1084 Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ... | CVSS2: 6.8 | 1% Низкий | почти 19 лет назад |
| CVE-2007-1084 Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. | CVSS2: 6.8 | 1% Низкий | почти 19 лет назад |
 | CVE-2007-1092 Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. | 29% Средний | почти 19 лет назад | |
| CVE-2007-0800 Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. | 4% Низкий | почти 19 лет назад | |
| CVE-2007-0780 browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. | 2% Низкий | почти 19 лет назад |
Уязвимостей на страницу