Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)| Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
| #Vulnerabilities | 2689 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-22 | CVE-2020-15680 | If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82. | Firefox | 5.3 | ||
| 2020-10-22 | CVE-2020-15681 | When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. | Firefox | 7.5 | ||
| 2020-10-22 | CVE-2020-15682 | When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82. | Firefox | 6.5 | ||
| 2020-10-22 | CVE-2020-15684 | Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. | Firefox | 9.8 | ||
| 2020-10-28 | CVE-2020-6829 | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | Firefox | 5.3 | ||
| 2020-12-09 | CVE-2020-26950 | In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2020-12-09 | CVE-2020-26951 | A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | Firefox, Firefox_esr, Thunderbird | 6.1 | ||
| 2020-12-09 | CVE-2020-26952 | Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83. | Firefox | 8.8 | ||
| 2020-12-09 | CVE-2020-26953 | It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | Firefox, Firefox_esr, Thunderbird | 4.3 | ||
| 2020-12-09 | CVE-2020-26954 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. | Firefox | 4.3 |