Mozilla Firefox is a free browser built on the Gecko engine
Release cycle, vulnerability information
Release schedule
Count: 15 425
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2005-0230 | Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging." | CVSS2: 5.1 | 2% Low | almost 21 years ago |
| CVE-2005-0989 | The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. | CVSS2: 5 | 25% Medium | almost 21 years ago |
| CVE-2005-1159 | The native implementations of InstallTrigger and other functions in Fi ... | CVSS2: 7.5 | 4% Low | almost 21 years ago |
| CVE-2005-0589 | The Form Fill feature in Firefox before 1.0.1 allows remote attackers ... | CVSS2: 5 | 1% Low | almost 21 years ago |
| CVE-2005-1158 | Multiple "missing security checks" in Firefox before 1.0.3 allow remot ... | CVSS2: 5 | 1% Low | almost 21 years ago |
| CVE-2005-0141 | Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ... | CVSS2: 2.6 | 1% Low | almost 21 years ago |
| CVE-2005-0590 | The installation confirmation dialog in Firefox before 1.0.1, Thunderb ... | CVSS2: 5 | 2% Low | almost 21 years ago |
| CVE-2005-0144 | Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lo ... | CVSS2: 2.6 | 1% Low | almost 21 years ago |
| CVE-2005-0588 | Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:in ... | CVSS2: 5 | 1% Low | almost 21 years ago |
| CVE-2005-0255 | String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbi ... | CVSS2: 5 | 8% Low | almost 21 years ago |