Vulnerabilities > Mozilla > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-05 | CVE-2021-29971 | Improper Preservation of Permissions vulnerability in Mozilla Firefox If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. | 9.8 |
| 2021-08-05 | CVE-2021-29978 | Unspecified vulnerability in Mozilla VPN Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. | 9.8 |
| 2021-06-24 | CVE-2021-29954 | Cleartext Storage of Sensitive Information vulnerability in Mozilla Hubs Cloud Reticulum Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. | 9.8 |
| 2021-05-27 | CVE-2020-12403 | Out-of-bounds Read vulnerability in Mozilla NSS A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. | 9.1 |
| 2021-01-07 | CVE-2020-26972 | Use After Free vulnerability in Mozilla Firefox The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. | 9.8 |
| 2020-10-22 | CVE-2020-15684 | Use After Free vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 81. | 9.8 |
| 2020-10-22 | CVE-2020-15683 | Use After Free vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. | 9.8 |
| 2020-10-22 | CVE-2019-17006 | Improper Input Validation vulnerability in multiple products In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. | 9.8 |
| 2020-05-26 | CVE-2020-6831 | Out-of-bounds Write vulnerability in multiple products A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. | 9.8 |
| 2020-05-26 | CVE-2020-12390 | Deserialization of Untrusted Data vulnerability in Mozilla Firefox Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. | 9.8 |