| 197091 | 8.8 | HIGH Network | mozilla canonical | firefox_esr thunderbird firefox ubuntu_linux | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted … | CWE-77 Command Injection | CVE-2020-6811 | 2024-11-21 14:36 | 2020-03-26 |
| 197092 | 4.3 | MEDIUM Network | mozilla | firefox | After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the brow… | CWE-290 Authentication Bypass by Spoofing | CVE-2020-6810 | 2024-11-21 14:36 | 2020-03-26 |
| 197093 | 7.5 | HIGH Network | mozilla | firefox | When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firef… | NVD-CWE-noinfo | CVE-2020-6809 | 2024-11-21 14:36 | 2020-03-26 |
| 197094 | 6.5 | MEDIUM Network | mozilla | firefox | When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by… | CWE-290 Authentication Bypass by Spoofing | CVE-2020-6808 | 2024-11-21 14:36 | 2020-03-26 |
| 197095 | 8.8 | HIGH Network | mozilla canonical | firefox_esr thunderbird firefox ubuntu_linux | When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potential… | CWE-416 Use After Free | CVE-2020-6807 | 2024-11-21 14:36 | 2020-03-26 |
| 197096 | 8.8 | HIGH Network | mozilla canonical | firefox_esr thunderbird firefox ubuntu_linux | By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a poten… | CWE-125 Out-of-bounds Read | CVE-2020-6806 | 2024-11-21 14:36 | 2020-03-26 |
| 197097 | 8.8 | HIGH Network | mozilla canonical | firefox_esr thunderbird firefox ubuntu_linux | When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbi… | CWE-416 Use After Free | CVE-2020-6805 | 2024-11-21 14:36 | 2020-03-26 |
| 197098 | 6.1 | MEDIUM Network | mozilla fedoraproject | bleach fedora | In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. | CWE-79 Cross-site Scripting | CVE-2020-6816 | 2024-11-21 14:36 | 2020-03-25 |
| 197099 | 6.1 | MEDIUM Network | mozilla fedoraproject | bleach fedora | In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. | CWE-79 Cross-site Scripting | CVE-2020-6802 | 2024-11-21 14:36 | 2020-03-25 |
| 197100 | 9.8 | CRITICAL Network | moxa | eds-g516e_firmware eds-510e_firmware | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. | CWE-787 Out-of-bounds Write | CVE-2020-7007 | 2024-11-21 14:36 | 2020-03-25 |