Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)| Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
| #Vulnerabilities | 2544 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-26 | CVE-2021-23960 | Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2021-02-26 | CVE-2021-23962 | Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. | Firefox | 8.8 | ||
| 2021-02-26 | CVE-2021-23959 | An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | Firefox | 6.1 | ||
| 2021-02-26 | CVE-2021-23957 | Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | Firefox | 7.4 | ||
| 2021-02-26 | CVE-2021-23958 | The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. | Firefox | 6.5 | ||
| 2021-02-26 | CVE-2021-23956 | An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. | Firefox | 6.5 | ||
| 2021-02-26 | CVE-2021-23955 | The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. | Firefox | 6.1 | ||
| 2021-02-26 | CVE-2021-23954 | Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2020-01-08 | CVE-2019-11745 | When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Leap, Enterprise_linux_server_aus, Ruggedcom_rox_mx5000_firmware, Ruggedcom_rox_rx1400_firmware, Ruggedcom_rox_rx1500_firmware, Ruggedcom_rox_rx1501_firmware, Ruggedcom_rox_rx1510_firmware, Ruggedcom_rox_rx1511_firmware, Ruggedcom_rox_rx1512_firmware, Ruggedcom_rox_rx5000_firmware | 8.8 | ||
| 2021-01-07 | CVE-2020-26976 | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84. | Debian_linux, Firefox | 6.5 |