Vulnerabilities > Mozilla > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-10 | CVE-2020-15657 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox Firefox could be made to load attacker-supplied DLL files from the installation directory. | 7.8 |
2020-08-10 | CVE-2020-15656 | Type Confusion vulnerability in multiple products JIT optimizations involving the Javascript arguments object could confuse later optimizations. | 8.8 |
2020-08-10 | CVE-2020-15647 | Information Exposure vulnerability in Mozilla Firefox A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. | 7.4 |
2020-07-09 | CVE-2020-12426 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 77. | 8.8 |
2020-07-09 | CVE-2020-12423 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. | 7.8 |
2020-07-09 | CVE-2020-12422 | Out-of-bounds Write vulnerability in multiple products In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. | 8.8 |
2020-07-09 | CVE-2020-12420 | Use After Free vulnerability in multiple products When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. | 8.8 |
2020-07-09 | CVE-2020-12419 | Use After Free vulnerability in multiple products When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. | 8.8 |
2020-07-09 | CVE-2020-12417 | Incorrect Conversion between Numeric Types vulnerability in multiple products Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. | 8.8 |
2020-07-09 | CVE-2020-12416 | Use After Free vulnerability in multiple products A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. | 8.8 |