Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-26 CVE-2020-12393 OS Command Injection vulnerability in Mozilla Firefox
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
local
low complexity
mozilla CWE-78
7.8
2020-04-24 CVE-2020-6828 Path Traversal vulnerability in Mozilla Firefox ESR
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory.
network
low complexity
mozilla CWE-22
7.5
2020-04-24 CVE-2020-6822 Out-of-bounds Write vulnerability in Mozilla Firefox
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>.
network
low complexity
mozilla CWE-787
8.8
2020-04-24 CVE-2020-6821 Use of Uninitialized Resource vulnerability in Mozilla Firefox
When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero.
network
low complexity
mozilla CWE-908
7.5
2020-04-24 CVE-2020-6820 Race Condition vulnerability in Mozilla Thunderbird
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free.
network
high complexity
mozilla CWE-362
8.1
2020-04-24 CVE-2020-6819 Use After Free vulnerability in Mozilla Thunderbird
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free.
network
high complexity
mozilla CWE-416
8.1
2020-03-25 CVE-2020-6811 Command Injection vulnerability in multiple products
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
network
low complexity
mozilla canonical CWE-77
8.8
2020-03-25 CVE-2020-6809 Unspecified vulnerability in Mozilla Firefox
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files.
network
low complexity
mozilla
7.5
2020-03-25 CVE-2020-6807 Use After Free vulnerability in multiple products
When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
8.8
2020-03-25 CVE-2020-6806 Out-of-bounds Read vulnerability in multiple products
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution.
network
low complexity
mozilla canonical CWE-125
8.8