Vulnerabilities > Mozilla > Firefox > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-08-10 CVE-2020-15659 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0.
network
mozilla opensuse canonical CWE-787
critical
 9.3
9.3
2020-07-09 CVE-2020-12410 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8.
network
mozilla canonical CWE-787
critical
 9.3
9.3
2020-07-09 CVE-2020-12411 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 76.
network
mozilla CWE-119
critical
 9.3
9.3
2020-07-09 CVE-2020-12416 Use After Free vulnerability in multiple products
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.
network
mozilla opensuse CWE-416
critical
 9.3
9.3
2020-07-09 CVE-2020-12417 Incorrect Conversion between Numeric Types vulnerability in multiple products
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash.
network
mozilla canonical opensuse CWE-681
critical
 9.3
9.3
2020-07-09 CVE-2020-12420 Use After Free vulnerability in multiple products
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash.
network
mozilla canonical opensuse CWE-416
critical
 9.3
9.3
2020-07-09 CVE-2020-12426 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 77.
network
mozilla opensuse CWE-787
critical
 9.3
9.3
2020-05-26 CVE-2020-12388 Improper Input Validation vulnerability in Mozilla Firefox
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.
network
low complexity
mozilla CWE-20
critical
 10.0
10
2020-05-26 CVE-2020-12395 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7.
network
low complexity
mozilla canonical CWE-787
critical
 10.0
10
2019-09-27 CVE-2019-11752 Use After Free vulnerability in Mozilla Firefox
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion.
network
mozilla CWE-416
critical
 9.3
9.3