Vulnerabilities > Mozilla > Firefox > 20.0.1

DATE CVE VULNERABILITY TITLE RISK
2020-05-26 CVE-2020-12393 Injection vulnerability in Mozilla Firefox
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
local
low complexity
mozilla CWE-74
4.6
2020-04-24 CVE-2020-6826 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74.
network
low complexity
mozilla CWE-119
7.5
2020-04-24 CVE-2020-6825 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6.
network
low complexity
mozilla CWE-119
7.5
2020-04-24 CVE-2020-6824 Session Fixation vulnerability in Mozilla Firefox
Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open.
1.9
2020-04-24 CVE-2020-6823 Improper Privilege Management vulnerability in Mozilla Firefox
A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider.
network
low complexity
mozilla CWE-269
7.5
2020-04-24 CVE-2020-6822 Out-of-bounds Write vulnerability in Mozilla Firefox
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>.
network
mozilla CWE-787
6.8
2020-04-24 CVE-2020-6821 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero.
network
low complexity
mozilla CWE-119
5.0
2020-04-24 CVE-2020-6820 Race Condition vulnerability in Mozilla Thunderbird
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free.
network
mozilla CWE-362
6.8
2020-04-24 CVE-2020-6819 Use After Free vulnerability in Mozilla Thunderbird
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free.
network
high complexity
mozilla CWE-416
8.1
2020-03-25 CVE-2020-6815 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Mozilla developers reported memory safety and script safety bugs present in Firefox 73.
network
low complexity
mozilla CWE-119
7.5