Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2006-6499

около 19 лет назад

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ...

CVSS2: 4.3

EPSS: Средний

CVE-2006-6501

около 19 лет назад

Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...

CVSS2: 6.8

EPSS: Средний

CVE-2006-6500

около 19 лет назад

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5. ...

CVSS2: 6.8

EPSS: Средний

CVE-2006-6504

около 19 лет назад

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

CVSS2: 9.3

EPSS: Средний

CVE-2006-6507

около 19 лет назад

Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.

CVSS2: 4.3

EPSS: Низкий

CVE-2006-6500

около 19 лет назад

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.

CVSS2: 6.8

EPSS: Средний

CVE-2006-6499

около 19 лет назад

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

CVSS2: 4.3

EPSS: Средний

CVE-2006-6502

около 19 лет назад

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.

CVSS2: 7.1

EPSS: Средний

CVE-2006-6498

около 19 лет назад

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.

CVSS2: 6.8

EPSS: Средний

CVE-2006-6501

около 19 лет назад

Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.

CVSS2: 6.8

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2006-6499 The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ...	CVSS2: 4.3	14% Средний	около 19 лет назад
CVE-2006-6501 Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...	CVSS2: 6.8	26% Средний	около 19 лет назад
CVE-2006-6500 Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5. ...	CVSS2: 6.8	38% Средний	около 19 лет назад
CVE-2006-6504 Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.	CVSS2: 9.3	42% Средний	около 19 лет назад
CVE-2006-6507 Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.	CVSS2: 4.3	6% Низкий	около 19 лет назад
CVE-2006-6500 Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.	CVSS2: 6.8	38% Средний	около 19 лет назад
CVE-2006-6499 The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.	CVSS2: 4.3	14% Средний	около 19 лет назад
CVE-2006-6502 Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.	CVSS2: 7.1	21% Средний	около 19 лет назад
CVE-2006-6498 Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.	CVSS2: 6.8	11% Средний	около 19 лет назад
CVE-2006-6501 Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.	CVSS2: 6.8	26% Средний	около 19 лет назад

Уязвимостей на страницу