8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
75.7%
July 28, 2020 Andrey Cherepanov 78.1.0-alt1
- New release (78.1.0).
- Fixes:
+ CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker
+ CVE-2020-6514 WebRTC data channel leaks internal address to peer
+ CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy
+ CVE-2020-15653 Bypassing iframe sandbox when allowing popups
+ CVE-2020-6463 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ CVE-2020-15656 Type confusion for special arguments in IonMonkey
+ CVE-2020-15658 Overriding file type when saving to disk
+ CVE-2020-15657 DLL hijacking due to incorrect loading path
+ CVE-2020-15654 Custom cursor can overlay user interface
+ CVE-2020-15659 Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
75.7%