Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-26961 | Unspecified vulnerability in Mozilla Firefox When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. | 6.5 |
| 2020-12-09 | CVE-2020-26960 | Use After Free vulnerability in Mozilla Firefox If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. | 8.8 |
| 2020-12-09 | CVE-2020-26959 | Use After Free vulnerability in Mozilla Firefox During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. | 8.8 |
| 2020-12-09 | CVE-2020-26958 | Cross-site Scripting vulnerability in Mozilla Firefox Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. | 6.1 |
| 2020-12-09 | CVE-2020-26957 | Improper Initialization vulnerability in Mozilla Firefox 80.0 OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. | 6.5 |
| 2020-12-09 | CVE-2020-26956 | Cross-site Scripting vulnerability in Mozilla Firefox In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. | 6.1 |
| 2020-12-09 | CVE-2020-26955 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Mozilla Firefox 80.0 When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. | 6.5 |
| 2020-12-09 | CVE-2020-26954 | Unspecified vulnerability in Mozilla Firefox 80.0 When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. | 4.3 |
| 2020-12-09 | CVE-2020-26953 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. | 4.3 |
| 2020-12-09 | CVE-2020-26952 | Out-of-bounds Write vulnerability in Mozilla Firefox Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. | 8.8 |