Логотип exploitDog
product: "firefox"
Консоль
Логотип exploitDog

exploitDog

product: "firefox"
Mozilla Firefox

Mozilla Firefoxсвободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox
Вендор: mozilla

График релизов

11511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614720232024202520262027

Недавние уязвимости Mozilla Firefox

Количество 15 425

ubuntu логотип

CVE-2006-2775

больше 19 лет назад

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2006-2776

больше 19 лет назад

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

CVSS2: 7.5
EPSS: Средний
redhat логотип

CVE-2006-2780

больше 19 лет назад

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.

EPSS: Средний
redhat логотип

CVE-2006-2779

больше 19 лет назад

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

EPSS: Средний
nvd логотип

CVE-2006-2723

больше 19 лет назад

Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.

CVSS2: 5
EPSS: Низкий
debian логотип

CVE-2006-2723

больше 19 лет назад

Unspecified versions of Mozilla Firefox allow remote attackers to caus ...

CVSS2: 5
EPSS: Низкий
redhat логотип

CVE-2006-2788

больше 19 лет назад

Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.

EPSS: Низкий
redhat логотип

CVE-2006-2785

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.

EPSS: Низкий
redhat логотип

CVE-2006-2778

больше 19 лет назад

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

EPSS: Средний
redhat логотип

CVE-2006-2784

больше 19 лет назад

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
ubuntu логотип
CVE-2006-2775

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

CVSS2: 7.5
8%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-2776

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

CVSS2: 7.5
31%
Средний
больше 19 лет назад
redhat логотип
CVE-2006-2780

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.

27%
Средний
больше 19 лет назад
redhat логотип
CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

23%
Средний
больше 19 лет назад
nvd логотип
CVE-2006-2723

Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.

CVSS2: 5
8%
Низкий
больше 19 лет назад
debian логотип
CVE-2006-2723

Unspecified versions of Mozilla Firefox allow remote attackers to caus ...

CVSS2: 5
8%
Низкий
больше 19 лет назад
redhat логотип
CVE-2006-2788

Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.

8%
Низкий
больше 19 лет назад
redhat логотип
CVE-2006-2785

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.

2%
Низкий
больше 19 лет назад
redhat логотип
CVE-2006-2778

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

23%
Средний
больше 19 лет назад
redhat логотип
CVE-2006-2784

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.

4%
Низкий
больше 19 лет назад

Уязвимостей на страницу


Поделиться