Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-07 CVE-2020-26971 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers.
network
low complexity
mozilla CWE-787
8.8
2020-12-09 CVE-2020-26970 Out-of-bounds Write vulnerability in Mozilla Thunderbird
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte.
network
low complexity
mozilla CWE-787
8.8
2020-12-09 CVE-2020-26969 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 82.
network
low complexity
mozilla CWE-787
8.8
2020-12-09 CVE-2020-26968 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4.
network
low complexity
mozilla CWE-787
8.8
2020-12-09 CVE-2020-26960 Use After Free vulnerability in Mozilla Firefox
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2020-12-09 CVE-2020-26959 Use After Free vulnerability in Mozilla Firefox
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2020-12-09 CVE-2020-26952 Out-of-bounds Write vulnerability in Mozilla Firefox
Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors.
network
low complexity
mozilla CWE-787
8.8
2020-12-09 CVE-2020-26950 Use After Free vulnerability in Mozilla Firefox ESR
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition.
network
low complexity
mozilla CWE-416
8.8
2020-10-22 CVE-2020-15681 Unspecified vulnerability in Mozilla Firefox
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash.
network
low complexity
mozilla
7.5
2020-10-22 CVE-2019-17007 Improper Certificate Validation vulnerability in multiple products
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
network
low complexity
mozilla siemens CWE-295
7.5