Vulnerabilities > Mozilla > Firefox > 21.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-22 | CVE-2020-15680 | Unspecified vulnerability in Mozilla Firefox If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. | 5.0 |
| 2020-10-08 | CVE-2020-12401 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. | 4.7 |
| 2020-10-08 | CVE-2020-12400 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. | 4.7 |
| 2020-10-01 | CVE-2020-15675 | Classic Buffer Overflow vulnerability in Mozilla Firefox When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. | 6.8 |
| 2020-10-01 | CVE-2020-15674 | Release of Invalid Pointer or Reference vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 80. | 6.8 |
| 2020-10-01 | CVE-2020-15670 | Release of Invalid Pointer or Reference vulnerability in Mozilla Firefox and Firefox ESR Mozilla developers reported memory safety bugs present in Firefox for Android 79. | 6.8 |
| 2020-10-01 | CVE-2020-15668 | Improper Locking vulnerability in Mozilla Firefox A lock was missing when accessing a data structure and importing certificate information into the trust database. | 4.3 |
| 2020-10-01 | CVE-2020-15667 | Unrestricted Upload of File with Dangerous Type vulnerability in Mozilla Firefox When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. | 6.8 |
| 2020-10-01 | CVE-2020-15666 | Information Exposure vulnerability in Mozilla Firefox When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. | 4.3 |
| 2020-10-01 | CVE-2020-15665 | Unspecified vulnerability in Mozilla Firefox Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. network mozilla | 4.3 |