Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-26 | CVE-2021-23971 | Unspecified vulnerability in Mozilla Firefox When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. | 6.5 |
| 2021-02-26 | CVE-2021-23970 | Reachable Assertion vulnerability in Mozilla Firefox Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. | 6.5 |
| 2021-02-26 | CVE-2021-23969 | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. | 4.3 |
| 2021-02-26 | CVE-2021-23968 | Information Exposure Through an Error Message vulnerability in multiple products If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. | 4.3 |
| 2021-01-08 | CVE-2020-16012 | Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |
| 2021-01-07 | CVE-2020-35111 | Unspecified vulnerability in Mozilla Firefox ESR When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. | 4.3 |
| 2021-01-07 | CVE-2020-26979 | Open Redirect vulnerability in Mozilla Firefox When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. | 6.1 |
| 2021-01-07 | CVE-2020-26978 | Unspecified vulnerability in Mozilla Firefox ESR Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. | 6.1 |
| 2021-01-07 | CVE-2020-26977 | Unspecified vulnerability in Mozilla Firefox 80.0/83.0 By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. | 6.5 |
| 2021-01-07 | CVE-2020-26976 | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. | 6.5 |