High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-09	CVE-2020-12410	Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. network low complexity mozilla canonical CWE-787	8.8
2020-07-09	CVE-2020-12409	Unspecified vulnerability in Mozilla Firefox When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. network low complexity mozilla	8.8
2020-07-09	CVE-2020-12406	Insufficient Verification of Data Authenticity vulnerability in multiple products Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. network low complexity mozilla canonical CWE-345	8.8
2020-07-09	CVE-2020-12398	Cleartext Transmission of Sensitive Information vulnerability in multiple products If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. network low complexity mozilla canonical CWE-319	7.5
2020-07-09	CVE-2018-12371	Integer Overflow or Wraparound vulnerability in Mozilla Firefox An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. network low complexity mozilla CWE-190	8.8
2020-06-03	CVE-2020-13790	Out-of-bounds Read vulnerability in multiple products libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. network low complexity libjpeg-turbo mozilla CWE-125	8.1
2020-05-26	CVE-2020-6830	Information Exposure vulnerability in Mozilla Firefox For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. network low complexity mozilla CWE-200	7.5
2020-05-26	CVE-2020-12391	Incorrect Authorization vulnerability in Mozilla Firefox Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. network low complexity mozilla CWE-863	7.5
2020-05-26	CVE-2020-12387	Use After Free vulnerability in Mozilla Thunderbird A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. network high complexity mozilla CWE-416	8.1
2020-05-26	CVE-2020-12393	OS Command Injection vulnerability in Mozilla Firefox The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. local low complexity mozilla CWE-78	7.8