Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-20 CVE-2020-25648 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3.
network
low complexity
mozilla redhat fedoraproject oracle CWE-770
7.5
2020-10-01 CVE-2020-15675 Use After Free vulnerability in Mozilla Firefox
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2020-10-01 CVE-2020-15674 Improper Locking vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 80.
network
low complexity
mozilla CWE-667
8.8
2020-10-01 CVE-2020-15670 Reachable Assertion vulnerability in Mozilla Firefox and Firefox ESR
Mozilla developers reported memory safety bugs present in Firefox for Android 79.
network
low complexity
mozilla CWE-617
8.8
2020-10-01 CVE-2020-15669 Use After Free vulnerability in Mozilla Firefox ESR
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified.
network
low complexity
mozilla CWE-416
8.8
2020-10-01 CVE-2020-15667 Out-of-bounds Write vulnerability in Mozilla Firefox
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution.
network
low complexity
mozilla CWE-787
8.8
2020-10-01 CVE-2020-15663 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges.
network
low complexity
mozilla CWE-427
8.8
2020-10-01 CVE-2020-15678 Use After Free vulnerability in multiple products
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free.
network
low complexity
mozilla opensuse debian CWE-416
8.8
2020-10-01 CVE-2020-15673 Use After Free vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2.
network
low complexity
mozilla debian opensuse CWE-416
8.8
2020-08-10 CVE-2020-15659 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0.
network
low complexity
mozilla opensuse canonical CWE-787
8.8