|
209871
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remember…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2020-26965
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209872
|
6.8 |
MEDIUM
Network
|
mozilla
|
firefox
|
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privile…
|
NVD-CWE-noinfo
|
CVE-2020-26964
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209873
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
|
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across …
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-26962
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209874
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped…
|
NVD-CWE-noinfo
|
CVE-2020-26961
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209875
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerabili…
|
CWE-416
Use After Free
|
CVE-2020-26960
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209876
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerabil…
|
CWE-416
Use After Free
|
CVE-2020-26959
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209877
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerabili…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26958
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209878
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affect…
|
CWE-665
Improper Initialization
|
CVE-2020-26957
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209879
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbir…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26956
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209880
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original…
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2020-26955
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
