Lucene search

K
MozillaFirefox Esr

11 matches found

CVE
CVE
added 2020/12/09 1:15 a.m.374 views

CVE-2020-26950

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird

9.3CVSS8.3AI score0.76006EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.268 views

CVE-2020-26965

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was ...

6.5CVSS6.8AI score0.00444EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.240 views

CVE-2020-26960

If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird

9.3CVSS8.3AI score0.00665EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.230 views

CVE-2020-26959

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird

8.8CVSS8.3AI score0.00495EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.228 views

CVE-2020-26968

Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefo...

9.3CVSS9.1AI score0.00635EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.225 views

CVE-2020-26956

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird

6.1CVSS6.5AI score0.00526EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.224 views

CVE-2020-26961

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding at...

6.5CVSS6.8AI score0.00275EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.220 views

CVE-2020-26951

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability af...

6.1CVSS6.5AI score0.00188EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.213 views

CVE-2020-26953

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird

4.3CVSS5.7AI score0.00283EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.210 views

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR &lt...

6.1CVSS6.5AI score0.00303EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.194 views

CVE-2020-26966

Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. . This vuln...

6.5CVSS6.2AI score0.00444EPSS