5 matches found
SUSE CVE-2020-26954
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
SUSE CVE-2020-26956
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2020-72461)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A memory corruption vulnerability exists in Mozilla Firefox versions prior to 83. An attacker could exploit this vulnerability to cause memory corruption and program crash...
Mozilla: Fullscreen could be enabled without displaying the security UI
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla Firefox 缓冲区错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A memory corruption vulnerability exists in Mozilla Firefox versions prior to 83. An attacker could exploit this vulnerability to cause memory corruption and program crash...