Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-10 CVE-2020-15648 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header.
network
low complexity
mozilla CWE-1021
6.5
2020-07-09 CVE-2020-12425 Out-of-bounds Read vulnerability in Mozilla Firefox
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure.
network
low complexity
mozilla CWE-125
6.5
2020-07-09 CVE-2020-12421 Improper Certificate Validation vulnerability in multiple products
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user.
network
low complexity
mozilla canonical CWE-295
6.5
2020-07-09 CVE-2020-12418 Out-of-bounds Read vulnerability in multiple products
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript.
network
low complexity
mozilla canonical opensuse CWE-125
6.5
2020-07-09 CVE-2020-12415 Incorrect Default Permissions vulnerability in multiple products
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory.
network
low complexity
mozilla opensuse CWE-276
6.5
2020-07-09 CVE-2020-12414 Incomplete Cleanup vulnerability in Mozilla Firefox
IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode.
network
low complexity
mozilla CWE-459
6.5
2020-07-09 CVE-2020-12412 Unspecified vulnerability in Mozilla Firefox
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents.
network
low complexity
mozilla
4.3
2020-07-09 CVE-2020-12408 Unspecified vulnerability in Mozilla Firefox
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar.
network
low complexity
mozilla
6.5
2020-07-09 CVE-2020-12407 Out-of-bounds Read vulnerability in Mozilla Firefox
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen.
network
low complexity
mozilla CWE-125
6.5
2020-07-09 CVE-2020-12405 Use After Free vulnerability in multiple products
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
network
high complexity
mozilla canonical CWE-416
5.3