Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-26970 | Out-of-bounds Write vulnerability in Mozilla Thunderbird When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. | 8.8 |
| 2020-12-09 | CVE-2020-26969 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 82. | 8.8 |
| 2020-12-09 | CVE-2020-26968 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. | 8.8 |
| 2020-12-09 | CVE-2020-26960 | Use After Free vulnerability in Mozilla Firefox If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. | 8.8 |
| 2020-12-09 | CVE-2020-26959 | Use After Free vulnerability in Mozilla Firefox During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. | 8.8 |
| 2020-12-09 | CVE-2020-26952 | Out-of-bounds Write vulnerability in Mozilla Firefox Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. | 8.8 |
| 2020-12-09 | CVE-2020-26950 | Use After Free vulnerability in Mozilla Firefox ESR In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. | 8.8 |
| 2020-10-22 | CVE-2020-15681 | Unspecified vulnerability in Mozilla Firefox When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. | 7.5 |
| 2020-10-22 | CVE-2019-17007 | Improper Certificate Validation vulnerability in multiple products In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | 7.5 |
| 2020-10-20 | CVE-2020-25648 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. | 7.5 |