Vulnerabilities > Mozilla > Firefox ESR > 68.4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-09 | CVE-2020-12420 | Use After Free vulnerability in multiple products When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2020-07-09 | CVE-2020-12419 | Use After Free vulnerability in multiple products When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. | 8.8 |
| 2020-07-09 | CVE-2020-12418 | Out-of-bounds Read vulnerability in multiple products Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. | 6.5 |
| 2020-07-09 | CVE-2020-12417 | Incorrect Conversion between Numeric Types vulnerability in multiple products Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. | 8.8 |
| 2020-07-09 | CVE-2020-12410 | Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. | 8.8 |
| 2020-07-09 | CVE-2020-12406 | Insufficient Verification of Data Authenticity vulnerability in multiple products Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. | 8.8 |
| 2020-07-09 | CVE-2020-12405 | Use After Free vulnerability in multiple products When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. | 5.3 |
| 2020-07-09 | CVE-2020-12399 | Information Exposure Through Discrepancy vulnerability in multiple products NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. | 4.4 |
| 2020-05-26 | CVE-2020-6831 | Out-of-bounds Write vulnerability in multiple products A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. | 9.8 |
| 2020-05-26 | CVE-2020-12392 | Path Traversal vulnerability in multiple products The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. | 5.5 |