Vulnerabilities > Mozilla > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-26 | CVE-2020-12389 | Improper Input Validation vulnerability in Mozilla Firefox The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. | 10.0 |
2020-05-26 | CVE-2020-12388 | Improper Input Validation vulnerability in Mozilla Firefox The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. | 10.0 |
2020-05-26 | CVE-2020-12396 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members reported memory safety bugs present in Firefox 75. | 9.8 |
2020-05-26 | CVE-2020-12395 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. | 9.8 |
2020-04-24 | CVE-2020-6826 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. | 9.8 |
2020-04-24 | CVE-2020-6825 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. | 9.8 |
2020-04-24 | CVE-2020-6823 | Missing Authorization vulnerability in Mozilla Firefox A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. | 9.8 |
2020-03-25 | CVE-2020-6815 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety and script safety bugs present in Firefox 73. | 9.8 |
2020-03-25 | CVE-2020-6814 | Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. | 9.8 |
2020-01-08 | CVE-2019-9812 | Unspecified vulnerability in Mozilla Firefox Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. | 9.3 |