Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2020-07-09 CVE-2020-12414 Incomplete Cleanup vulnerability in Mozilla Firefox
IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode.
network
low complexity
mozilla CWE-459
6.5
2020-07-09 CVE-2020-12412 Unspecified vulnerability in Mozilla Firefox
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents.
network
low complexity
mozilla
4.3
2020-07-09 CVE-2020-12411 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 76.
network
low complexity
mozilla CWE-787
8.8
2020-07-09 CVE-2020-12410 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8.
network
low complexity
mozilla canonical CWE-787
8.8
2020-07-09 CVE-2020-12409 Unspecified vulnerability in Mozilla Firefox
When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL.
network
low complexity
mozilla
8.8
2020-07-09 CVE-2020-12408 Unspecified vulnerability in Mozilla Firefox
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar.
network
low complexity
mozilla
6.5
2020-07-09 CVE-2020-12407 Out-of-bounds Read vulnerability in Mozilla Firefox
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen.
network
low complexity
mozilla CWE-125
6.5
2020-07-09 CVE-2020-12406 Insufficient Verification of Data Authenticity vulnerability in multiple products
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash.
network
low complexity
mozilla canonical CWE-345
8.8
2020-07-09 CVE-2020-12405 Use After Free vulnerability in multiple products
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
network
high complexity
mozilla canonical CWE-416
5.3
2020-07-09 CVE-2020-12404 Cross-site Scripting vulnerability in Mozilla Firefox
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions.
network
low complexity
mozilla CWE-79
4.3