4 matches found
CVE-2020-6799
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that...
Mozilla: Incorrect parsing of template tag could result in JavaScript injection
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:0230-1 Rating: important References: 1163368 Cross-References: CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 Affected Products: openSUSE Leap 15.1 An update that fixes 5...
CVE-2020-6796
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 73 and Firefox ESR68.5...