Show filters
122 Total Results
Displaying 1-10 of 122
Sort by:
Attacker Value
Unknown
CVE-2020-15658
Disclosure Date: August 10, 2020 (last updated October 07, 2023)
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
0
Attacker Value
Unknown
CVE-2020-15656
Disclosure Date: August 10, 2020 (last updated October 07, 2023)
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
0
Attacker Value
Unknown
CVE-2020-15654
Disclosure Date: August 10, 2020 (last updated October 07, 2023)
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
0
Attacker Value
Unknown
CVE-2020-15653
Disclosure Date: August 10, 2020 (last updated October 07, 2023)
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
0
Attacker Value
Unknown
CVE-2020-15652
Disclosure Date: August 10, 2020 (last updated October 22, 2024)
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
0
Attacker Value
Unknown
CVE-2020-15655
Disclosure Date: August 10, 2020 (last updated November 28, 2024)
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
0
Attacker Value
Unknown
CVE-2020-15659
Disclosure Date: August 10, 2020 (last updated November 28, 2024)
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
0
Attacker Value
Unknown
CVE-2020-12417
Disclosure Date: July 09, 2020 (last updated November 28, 2024)
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
0
Attacker Value
Unknown
CVE-2020-12410
Disclosure Date: July 09, 2020 (last updated November 28, 2024)
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
0
Attacker Value
Unknown
CVE-2020-12418
Disclosure Date: July 09, 2020 (last updated November 28, 2024)
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
0