Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-26956 | Cross-site Scripting vulnerability in Mozilla Firefox In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. | 6.1 |
| 2020-12-09 | CVE-2020-26955 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Mozilla Firefox 80.0 When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. | 6.5 |
| 2020-12-09 | CVE-2020-26954 | Unspecified vulnerability in Mozilla Firefox 80.0 When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. | 4.3 |
| 2020-12-09 | CVE-2020-26953 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. | 4.3 |
| 2020-12-09 | CVE-2020-26951 | Cross-site Scripting vulnerability in Mozilla Firefox A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. | 6.1 |
| 2020-10-28 | CVE-2020-6829 | Unspecified vulnerability in Mozilla Firefox When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. | 5.3 |
| 2020-10-22 | CVE-2020-15682 | Origin Validation Error vulnerability in Mozilla Firefox When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. | 6.5 |
| 2020-10-22 | CVE-2020-15680 | Unspecified vulnerability in Mozilla Firefox If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. | 5.3 |
| 2020-10-22 | CVE-2018-18508 | NULL Pointer Dereference vulnerability in multiple products In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | 6.5 |
| 2020-10-08 | CVE-2020-12401 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. | 4.7 |