Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-26958 | Cross-site Scripting vulnerability in Mozilla Firefox Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. | 6.1 |
| 2020-12-09 | CVE-2020-26957 | Improper Initialization vulnerability in Mozilla Firefox 80.0 OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. | 6.5 |
| 2020-12-09 | CVE-2020-26956 | Cross-site Scripting vulnerability in Mozilla Firefox In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. | 6.1 |
| 2020-12-09 | CVE-2020-26955 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Mozilla Firefox 80.0 When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. | 6.5 |
| 2020-12-09 | CVE-2020-26954 | Unspecified vulnerability in Mozilla Firefox 80.0 When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. | 4.3 |
| 2020-12-09 | CVE-2020-26953 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. | 4.3 |
| 2020-12-09 | CVE-2020-26951 | Cross-site Scripting vulnerability in Mozilla Firefox A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. | 6.1 |
| 2020-10-28 | CVE-2020-6829 | Unspecified vulnerability in Mozilla Firefox When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. | 5.3 |
| 2020-10-22 | CVE-2020-15682 | Origin Validation Error vulnerability in Mozilla Firefox When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. | 6.5 |
| 2020-10-22 | CVE-2020-15680 | Unspecified vulnerability in Mozilla Firefox If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. | 5.3 |