Vulnerabilities > Mozilla > Firefox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-22 | CVE-2020-15681 | Unspecified vulnerability in Mozilla Firefox When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. | 7.5 |
| 2020-10-22 | CVE-2020-15680 | Unspecified vulnerability in Mozilla Firefox If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. | 5.3 |
| 2020-10-08 | CVE-2020-12401 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. | 4.7 |
| 2020-10-08 | CVE-2020-12400 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. | 4.7 |
| 2020-10-01 | CVE-2020-15675 | Use After Free vulnerability in Mozilla Firefox When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2020-10-01 | CVE-2020-15674 | Improper Locking vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 80. | 8.8 |
| 2020-10-01 | CVE-2020-15671 | Race Condition vulnerability in Mozilla Firefox When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. | 3.1 |
| 2020-10-01 | CVE-2020-15670 | Reachable Assertion vulnerability in Mozilla Firefox and Firefox ESR Mozilla developers reported memory safety bugs present in Firefox for Android 79. | 8.8 |
| 2020-10-01 | CVE-2020-15668 | Improper Locking vulnerability in Mozilla Firefox A lock was missing when accessing a data structure and importing certificate information into the trust database. | 4.3 |
| 2020-10-01 | CVE-2020-15667 | Out-of-bounds Write vulnerability in Mozilla Firefox When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. | 8.8 |