Vulnerabilities > Mozilla > Firefox ESR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-26 | CVE-2021-23954 | Type Confusion vulnerability in Mozilla Firefox Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. | 8.8 |
| 2021-01-07 | CVE-2020-35113 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. | 8.8 |
| 2021-01-07 | CVE-2020-35112 | Unspecified vulnerability in Mozilla Firefox If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. | 8.8 |
| 2021-01-07 | CVE-2020-26974 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. | 8.8 |
| 2021-01-07 | CVE-2020-26973 | Unspecified vulnerability in Mozilla Firefox ESR Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. | 8.8 |
| 2021-01-07 | CVE-2020-26971 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. | 8.8 |
| 2020-12-09 | CVE-2020-26968 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. | 8.8 |
| 2020-12-09 | CVE-2020-26960 | Use After Free vulnerability in Mozilla Firefox If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. | 8.8 |
| 2020-12-09 | CVE-2020-26959 | Use After Free vulnerability in Mozilla Firefox During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. | 8.8 |
| 2020-12-09 | CVE-2020-26950 | Use After Free vulnerability in Mozilla Firefox ESR In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. | 8.8 |