This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:mozilla:firefox:2.0 |
| Detail | |||
|---|---|---|---|
| Vendor | Mozilla | First view | 2006-10-31 |
| Product | Firefox | Last view | 2013-04-03 |
| Version | 2.0 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:mozilla:firefox | ||
Activity : Yearly
Related : CVE
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 10 | 2013-04-03 | CVE-2013-0790 | Network | Low | None Requ... | |
| 10 | 2013-02-19 | CVE-2013-0784 | Network | Low | None Requ... | |
| 10 | 2013-02-19 | CVE-2013-0783 | Network | Low | None Requ... | |
| 10 | 2013-02-19 | CVE-2013-0782 | Network | Low | None Requ... | |
| 10 | 2013-02-19 | CVE-2013-0781 | Network | Low | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 9.3 | 2013-02-19 | CVE-2013-0780 | Network | Medium | None Requ... | |
| 10 | 2013-02-19 | CVE-2013-0779 | Network | Low | None Requ... | |
| 10 | 2013-02-19 | CVE-2013-0778 | Network | Low | None Requ... | |
| 10 | 2013-02-19 | CVE-2013-0777 | Network | Low | None Requ... | |
| 4 | 2013-02-19 | CVE-2013-0776 | Network | High | None Requ... | |
| 10 | 2013-02-19 | CVE-2013-0775 | Network | Low | None Requ... | |
| 5 | 2013-02-19 | CVE-2013-0774 | Network | Low | None Requ... | |
| 10 | 2013-02-19 | CVE-2013-0773 | Network | Low | None Requ... | |
| 5.8 | 2013-02-19 | CVE-2013-0772 | Network | Medium | None Requ... | |
| 5 | 2013-02-19 | CVE-2013-0765 | Network | Low | None Requ... | |
| 9.3 | 2013-01-13 | CVE-2013-0771 | Network | Medium | None Requ... | |
| 10 | 2013-01-13 | CVE-2013-0770 | Network | Low | None Requ... | |
| 10 | 2013-01-13 | CVE-2013-0769 | Network | Low | None Requ... | |
| 10 | 2013-01-13 | CVE-2013-0768 | Network | Low | None Requ... | |
| 10 | 2013-01-13 | CVE-2013-0767 | Network | Low | None Requ... | |
| 10 | 2013-01-13 | CVE-2013-0766 | Network | Low | None Requ... | |
| 9.3 | 2013-01-13 | CVE-2013-0764 | Network | Medium | None Requ... | |
| 10 | 2013-01-13 | CVE-2013-0763 | Network | Low | None Requ... | |
| 10 | 2013-01-13 | CVE-2013-0762 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 29% (91) | CWE-399 | Resource Management Errors |
| 14% (44) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 13% (41) | CWE-264 | Permissions, Privileges, and Access Controls |
| 9% (29) | CWE-20 | Improper Input Validation |
| 8% (26) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| % | id | Name |
|---|---|---|
| 6% (21) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 6% (20) | CWE-200 | Information Exposure |
| 4% (15) | CWE-189 | Numeric Errors |
| 2% (8) | CWE-16 | Configuration |
| 1% (5) | CWE-287 | Improper Authentication |
| 1% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 1% (4) | CWE-310 | Cryptographic Issues |
| 0% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 0% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CAPEC : Common Attack Pattern Enumeration & Classificatio
| id | Name |
|---|---|
| CAPEC-26 | Leveraging Race Conditions |
| CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
| CAPEC-172 | Time and State Attacks |
Oval Markup Language : Definitions
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:10031 | The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and... |
| oval:org.mitre.oval:def:11691 | Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox... |
| oval:org.mitre.oval:def:10661 | Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Fir... |
| oval:org.mitre.oval:def:9746 | Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before... |
| oval:org.mitre.oval:def:9626 | Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firef... |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:10895 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before ... |
| oval:org.mitre.oval:def:11077 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey befor... |
| oval:org.mitre.oval:def:10502 | Integer underflow in the SSLv2 support in Mozilla Network Security Services (... |
| oval:org.mitre.oval:def:10012 | Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox ... |
| oval:org.mitre.oval:def:8757 | GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x be... |
| oval:org.mitre.oval:def:9730 | Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.... |
| oval:org.mitre.oval:def:10164 | Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before ... |
| oval:org.mitre.oval:def:10086 | The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, a... |
| oval:org.mitre.oval:def:11665 | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly imp... |
| oval:org.mitre.oval:def:10759 | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1... |
| oval:org.mitre.oval:def:10066 | Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x befor... |
| oval:org.mitre.oval:def:10711 | Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x b... |
| oval:org.mitre.oval:def:11208 | The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x b... |
| oval:org.mitre.oval:def:9547 | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1... |
| oval:org.mitre.oval:def:11433 | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1... |
| oval:org.mitre.oval:def:11122 | Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to repl... |
| oval:org.mitre.oval:def:10108 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox... |
| oval:org.mitre.oval:def:11066 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Fire... |
| oval:org.mitre.oval:def:11749 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 al... |
| oval:org.mitre.oval:def:10009 | Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary c... |
Open Source Vulnerability Database (OSVDB)
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 77955 | Mozilla Multiple Product for Mac DOM Frame Deletion NULL Dereference Remote C... |
| 76954 | Mozilla Multiple Product WebGL GPU Memory Random Image Disclosure |
| 76952 | Mozilla Multiple Product Firebug JavaScript File Profiling Remote Memory Corr... |
| 76950 | Mozilla Multiple Product Unchecked Allocation Failure Remote Memory Corruption |
| 76949 | Mozilla Multiple Product SVG |
| id | Description |
|---|---|
| 76948 | Mozilla Multiple Product Shift-JIS XSS |
| 76947 | Mozilla Multiple Product JSSubScriptLoader loadSubScript Method XPCNativeWrap... |
| 75841 | Mozilla Multiple Product Enter Key Download Dialog Verification Bypass |
| 75840 | Mozilla Multiple Product PLUGINSPAGE Enter Key Addon Installation Verificatio... |
| 74587 | Mozilla Multiple Products Tab Element Dropping Weakness Remote Code Execution |
| 74586 | Mozilla Multiple Products RegExp.input Property Same Origin Policy Bypass Inf... |
| 74585 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2982) |
| 74584 | Mozilla Multiple Products Event-Management Same Origin Policy Bypass Remote C... |
| 74583 | Mozilla Multiple Products ThinkPadSensor::Startup() Function Path Subversion ... |
| 74582 | Mozilla Multiple Products .appendChild() Function DOM Object Handling Remote ... |
| 74581 | Mozilla Multiple Products SVGTextElement.getCharNumAtPosition() Function SVG ... |
| 74448 | Mozilla Firefox HTTPS Session HTTP Set-Cookie Header HSTS includeSubDomains W... |
| 74319 | Mozilla Multiple Products netwerk/cookie/nsCookieService.cpp nsCookieService:... |
| 73193 | Mozilla Multiple Products Non-whitelisted Site Install Dialog Triggering Weak... |
| 73189 | Mozilla Multiple Products WebGL Texture Image Rendering Cross-domain Image Da... |
| 73188 | Mozilla Multiple Products Trailing Dot Cookie Cross-domain Information Disclo... |
| 73187 | Mozilla Multiple Products nsXULCommandDispatcher.cpp Use-after-free Remote Co... |
| 73186 | Mozilla Multiple Products nsSVGPointList::AppendElement() Use-after-free Remo... |
| 73185 | Mozilla Multiple Products nsSVGPathSegList::ReplaceItem() Use-after-free Remo... |
| 73184 | Mozilla Multiple Products Array.reduceRight() Method Overflow |
Milw0rm Exploits
| id | Description |
|---|---|
| 2009-07-15 | Multiple Web Browsers Denial of Service Exploit (1 bug to rule them all) |
| 2009-03-25 | Mozilla Firefox XSL Parsing Remote Memory Corruption PoC 0day |
ExploitDB Exploits
| id | Description |
|---|---|
| 18531 | Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit |
| 17974 | Mozilla Firefox Array.reduceRight() Integer Overflow Exploit |
| 10544 | Mozilla Firefox Location Bar Spoofing Vulnerability |
| 9663 | Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit |
| 3340 | Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability |
Metasploit Exploits
| id | Description |
|---|---|
| 2011-06-21 | Mozilla Firefox Array.reduceRight() Integer Overflow |
| 2011-05-10 | Mozilla Firefox 3.6.16 mChannel Use-After-Free Vulnerability |
| 2011-05-10 | Mozilla Firefox 3.6.16 mChannel Use-After-Free |
| 2011-02-02 | Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability |
| 2011-12-06 | Firefox 8/9 AttributeChildRemoved() Use-After-Free |
