Vulnerabilities > Mozilla > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-26 CVE-2020-12389 Improper Input Validation vulnerability in Mozilla Firefox
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.
network
low complexity
mozilla CWE-20
critical
10.0
2020-05-26 CVE-2020-12388 Improper Input Validation vulnerability in Mozilla Firefox
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.
network
low complexity
mozilla CWE-20
critical
10.0
2020-05-26 CVE-2020-12396 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 75.
network
low complexity
mozilla CWE-787
critical
9.8
2020-05-26 CVE-2020-12395 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7.
network
low complexity
mozilla canonical CWE-787
critical
9.8
2020-04-24 CVE-2020-6826 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74.
network
low complexity
mozilla CWE-787
critical
9.8
2020-04-24 CVE-2020-6825 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6.
network
low complexity
mozilla CWE-787
critical
9.8
2020-04-24 CVE-2020-6823 Missing Authorization vulnerability in Mozilla Firefox
A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider.
network
low complexity
mozilla CWE-862
critical
9.8
2020-03-25 CVE-2020-6815 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety and script safety bugs present in Firefox 73.
network
low complexity
mozilla CWE-787
critical
9.8
2020-03-25 CVE-2020-6814 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5.
network
low complexity
mozilla canonical CWE-787
critical
9.8
2020-01-08 CVE-2019-9812 Unspecified vulnerability in Mozilla Firefox
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account.
network
low complexity
mozilla
critical
9.3