Mozilla Firefox — свободный браузер на движке Gecko

The installation confirmation dialog in Firefox before 1.0.1, Thunderb ...

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a p ...

The native implementations of InstallTrigger and other functions in Fi ...

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 all ...

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...

Firefox 1.0 does not prevent the user from dragging an executable file ...

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.

Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."