Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614720232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 15 425

redhat логотип

CVE-2006-3809

больше 19 лет назад

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.

EPSS: Низкий
redhat логотип

CVE-2006-3801

больше 19 лет назад

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.

EPSS: Средний
redhat логотип

CVE-2006-3806

больше 19 лет назад

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

EPSS: Средний
redhat логотип

CVE-2006-3802

больше 19 лет назад

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.

EPSS: Низкий
redhat логотип

CVE-2006-3810

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.

EPSS: Средний
nvd логотип

CVE-2006-3731

больше 19 лет назад

Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension.

CVSS2: 2.6
EPSS: Низкий
debian логотип

CVE-2006-3731

больше 19 лет назад

Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attack ...

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2006-3731

больше 19 лет назад

Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2006-3352

больше 19 лет назад

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status

CVSS2: 6.4
EPSS: Низкий
debian логотип

CVE-2006-3352

больше 19 лет назад

Cross-domain vulnerability in Mozilla Firefox allows remote attackers ...

CVSS2: 6.4
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
redhat логотип
CVE-2006-3809

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.

3%
Низкий
больше 19 лет назад
redhat логотип
CVE-2006-3801

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.

28%
Средний
больше 19 лет назад
redhat логотип
CVE-2006-3806

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

30%
Средний
больше 19 лет назад
redhat логотип
CVE-2006-3802

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.

4%
Низкий
больше 19 лет назад
redhat логотип
CVE-2006-3810

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.

14%
Средний
больше 19 лет назад
nvd логотип
CVE-2006-3731

Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension.

CVSS2: 2.6
1%
Низкий
больше 19 лет назад
debian логотип
CVE-2006-3731

Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attack ...

CVSS2: 2.6
1%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-3731

Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension.

CVSS2: 2.6
1%
Низкий
больше 19 лет назад
nvd логотип
CVE-2006-3352

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status

CVSS2: 6.4
1%
Низкий
больше 19 лет назад
debian логотип
CVE-2006-3352

Cross-domain vulnerability in Mozilla Firefox allows remote attackers ...

CVSS2: 6.4
1%
Низкий
больше 19 лет назад

Уязвимостей на страницу


Поделиться