Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-26954 | Unspecified vulnerability in Mozilla Firefox 80.0 When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. | 4.3 |
| 2020-12-09 | CVE-2020-26953 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. | 4.3 |
| 2020-12-09 | CVE-2020-26951 | Cross-site Scripting vulnerability in Mozilla Firefox A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. | 6.1 |
| 2020-10-28 | CVE-2020-6829 | Unspecified vulnerability in Mozilla Firefox When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. | 5.3 |
| 2020-10-22 | CVE-2020-15682 | Origin Validation Error vulnerability in Mozilla Firefox When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. | 6.5 |
| 2020-10-22 | CVE-2020-15680 | Unspecified vulnerability in Mozilla Firefox If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. | 5.3 |
| 2020-10-08 | CVE-2020-12401 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. | 4.7 |
| 2020-10-08 | CVE-2020-12400 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. | 4.7 |
| 2020-10-01 | CVE-2020-15668 | Improper Locking vulnerability in Mozilla Firefox A lock was missing when accessing a data structure and importing certificate information into the trust database. | 4.3 |
| 2020-10-01 | CVE-2020-15666 | Information Exposure Through an Error Message vulnerability in Mozilla Firefox When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. | 6.5 |