Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2020-04-24 CVE-2020-6822 Out-of-bounds Write vulnerability in Mozilla Firefox
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>.
network
low complexity
mozilla CWE-787
8.8
2020-04-24 CVE-2020-6821 Use of Uninitialized Resource vulnerability in Mozilla Firefox
When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero.
network
low complexity
mozilla CWE-908
7.5
2020-04-24 CVE-2020-6820 Race Condition vulnerability in Mozilla Thunderbird
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free.
network
high complexity
mozilla CWE-362
8.1
2020-04-24 CVE-2020-6819 Use After Free vulnerability in Mozilla Thunderbird
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free.
network
high complexity
mozilla CWE-416
8.1
2020-03-25 CVE-2020-6815 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety and script safety bugs present in Firefox 73.
network
low complexity
mozilla CWE-787
critical
9.8
2020-03-25 CVE-2020-6814 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5.
network
low complexity
mozilla canonical CWE-787
critical
9.8
2020-03-25 CVE-2020-6813 Unspecified vulnerability in Mozilla Firefox
When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy.
network
low complexity
mozilla
5.3
2020-03-25 CVE-2020-6812 Information Exposure vulnerability in multiple products
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g.
network
low complexity
mozilla canonical CWE-200
5.3
2020-03-25 CVE-2020-6811 Command Injection vulnerability in multiple products
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
network
low complexity
mozilla canonical CWE-77
8.8
2020-03-25 CVE-2020-6810 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode.
network
low complexity
mozilla CWE-290
4.3