Vulnerabilities > Mozilla > Firefox > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-09 | CVE-2018-12371 | Integer Overflow or Wraparound vulnerability in Mozilla Firefox An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. | 8.8 |
| 2020-05-26 | CVE-2020-6830 | Information Exposure vulnerability in Mozilla Firefox For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. | 7.5 |
| 2020-05-26 | CVE-2020-12391 | Incorrect Authorization vulnerability in Mozilla Firefox Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. | 7.5 |
| 2020-05-26 | CVE-2020-12387 | Use After Free vulnerability in Mozilla Thunderbird A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. | 8.1 |
| 2020-05-26 | CVE-2020-12393 | OS Command Injection vulnerability in Mozilla Firefox The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. | 7.8 |
| 2020-04-24 | CVE-2020-6822 | Out-of-bounds Write vulnerability in Mozilla Firefox On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. | 8.8 |
| 2020-04-24 | CVE-2020-6821 | Use of Uninitialized Resource vulnerability in Mozilla Firefox When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. | 7.5 |
| 2020-04-24 | CVE-2020-6820 | Race Condition vulnerability in Mozilla Thunderbird Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. | 8.1 |
| 2020-04-24 | CVE-2020-6819 | Use After Free vulnerability in Mozilla Thunderbird Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. | 8.1 |
| 2020-03-25 | CVE-2020-6811 | Command Injection vulnerability in multiple products The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. | 8.8 |