Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-01 CVE-2020-15670 Reachable Assertion vulnerability in Mozilla Firefox and Firefox ESR
Mozilla developers reported memory safety bugs present in Firefox for Android 79.
network
low complexity
mozilla CWE-617
8.8
2020-10-01 CVE-2020-15667 Out-of-bounds Write vulnerability in Mozilla Firefox
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution.
network
low complexity
mozilla CWE-787
8.8
2020-10-01 CVE-2020-15663 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges.
network
low complexity
mozilla CWE-427
8.8
2020-10-01 CVE-2020-15678 Use After Free vulnerability in multiple products
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free.
network
low complexity
mozilla opensuse debian CWE-416
8.8
2020-10-01 CVE-2020-15673 Use After Free vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2.
network
low complexity
mozilla debian opensuse CWE-416
8.8
2020-08-10 CVE-2020-15659 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0.
network
low complexity
mozilla opensuse canonical CWE-787
8.8
2020-08-10 CVE-2020-15657 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
Firefox could be made to load attacker-supplied DLL files from the installation directory.
local
low complexity
mozilla CWE-427
7.8
2020-08-10 CVE-2020-15656 Type Confusion vulnerability in multiple products
JIT optimizations involving the Javascript arguments object could confuse later optimizations.
network
low complexity
mozilla opensuse canonical CWE-843
8.8
2020-08-10 CVE-2020-15647 Information Exposure vulnerability in Mozilla Firefox
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins.
network
low complexity
mozilla CWE-200
7.4
2020-07-09 CVE-2020-12426 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 77.
network
low complexity
mozilla opensuse CWE-787
8.8