Vulnerabilities > Mozilla > Firefox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-08 | CVE-2020-12401 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. | 4.7 |
| 2020-10-08 | CVE-2020-12400 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. | 4.7 |
| 2020-10-01 | CVE-2020-15675 | Use After Free vulnerability in Mozilla Firefox When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2020-10-01 | CVE-2020-15674 | Improper Locking vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 80. | 8.8 |
| 2020-10-01 | CVE-2020-15671 | Race Condition vulnerability in Mozilla Firefox When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. | 3.1 |
| 2020-10-01 | CVE-2020-15670 | Reachable Assertion vulnerability in Mozilla Firefox and Firefox ESR Mozilla developers reported memory safety bugs present in Firefox for Android 79. | 8.8 |
| 2020-10-01 | CVE-2020-15668 | Improper Locking vulnerability in Mozilla Firefox A lock was missing when accessing a data structure and importing certificate information into the trust database. | 4.3 |
| 2020-10-01 | CVE-2020-15667 | Out-of-bounds Write vulnerability in Mozilla Firefox When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. | 8.8 |
| 2020-10-01 | CVE-2020-15666 | Information Exposure Through an Error Message vulnerability in Mozilla Firefox When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. | 6.5 |
| 2020-10-01 | CVE-2020-15665 | Unspecified vulnerability in Mozilla Firefox Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. | 4.3 |