Vulnerabilities > Mozilla > Firefox > 2.0.0.9

DATE CVE VULNERABILITY TITLE RISK
2020-12-09 CVE-2020-26950 Use After Free vulnerability in Mozilla Firefox
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition.
network
mozilla CWE-416
critical
9.3
2020-10-22 CVE-2020-15684 Unspecified vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 81.
network
low complexity
mozilla
7.5
2020-10-22 CVE-2020-15683 Use After Free vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3.
network
low complexity
mozilla debian opensuse CWE-416
7.5
2020-10-22 CVE-2020-15682 Origin Validation Error vulnerability in Mozilla Firefox
When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in.
network
mozilla CWE-346
4.3
2020-10-22 CVE-2020-15681 Unspecified vulnerability in Mozilla Firefox
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash.
network
low complexity
mozilla
5.0
2020-10-22 CVE-2020-15680 Unspecified vulnerability in Mozilla Firefox
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler.
network
low complexity
mozilla
5.0
2020-10-08 CVE-2020-12401 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data.
local
high complexity
mozilla CWE-203
4.7
2020-10-08 CVE-2020-12400 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack.
local
high complexity
mozilla CWE-203
4.7
2020-10-01 CVE-2020-15675 Classic Buffer Overflow vulnerability in Mozilla Firefox
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash.
network
mozilla CWE-120
6.8
2020-10-01 CVE-2020-15674 Release of Invalid Pointer or Reference vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 80.
network
mozilla CWE-763
6.8