17 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
If the Content Security Policy blocks frame navigation, the full destination of a redirect served within the frame is reported in the violation report; instead of just the original frame URI. This could be used to disclose sensitive information contained in such URIs. This vulnerability affects...
Linux Distros Unpatched Vulnerability : CVE-2020-26956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 8...
Linux Distros Unpatched Vulnerability : CVE-2021-29959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it...
Linux Distros Unpatched Vulnerability : CVE-2020-26960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the Compact method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free an...
Linux Distros Unpatched Vulnerability : CVE-2020-15681
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shar...
Linux Distros Unpatched Vulnerability : CVE-2020-15668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox 80 and...
SUSE CVE-2020-15666
When trying to load a non-video in an audio/video context the exact status code 200, 302, 404, 500, 412, 403, etc. was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...
SUSE CVE-2020-15670
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 80, Firefox ESR 78.2,...
SUSE CVE-2020-26957
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox...
Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.11,...
DEBIAN-CVE-2021-23961
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 85...
CVE-2020-26967
When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability...
Mozilla: Use-after-free in WebRequestService
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla: Fullscreen could be enabled without displaying the security UI
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
ALPINE-CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
DEBIAN-CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...
UBUNTU-CVE-2020-15668
A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox 80 and Firefox for Android 80...