| 208581 | 8.8 | HIGH Network | mozilla | firefox firefox_esr thunderbird | If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerabili… | CWE-416 Use After Free | CVE-2020-26960 | 2024-11-21 14:20 | 2020-12-9 |
| 208582 | 8.8 | HIGH Network | mozilla | firefox firefox_esr thunderbird | During browser shutdown, reference decrementing could have occurred on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerabil… | CWE-416 Use After Free | CVE-2020-26959 | 2024-11-21 14:20 | 2020-12-9 |
| 208583 | 6.1 | MEDIUM Network | mozilla | firefox firefox_esr thunderbird | Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerabili… | CWE-79 Cross-site Scripting | CVE-2020-26958 | 2024-11-21 14:20 | 2020-12-9 |
| 208584 | 6.5 | MEDIUM Network | mozilla | firefox | OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affect… | CWE-665 Improper Initialization | CVE-2020-26957 | 2024-11-21 14:20 | 2020-12-9 |
| 208585 | 6.1 | MEDIUM Network | mozilla | firefox firefox_esr thunderbird | In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbir… | CWE-79 Cross-site Scripting | CVE-2020-26956 | 2024-11-21 14:20 | 2020-12-9 |
| 208586 | 6.5 | MEDIUM Network | mozilla | firefox | When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original… | CWE-565 Reliance on Cookies without Validation and Integrity Checking | CVE-2020-26955 | 2024-11-21 14:20 | 2020-12-9 |
| 208587 | 4.3 | MEDIUM Network | mozilla | firefox | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be u… | NVD-CWE-Other | CVE-2020-26954 | 2024-11-21 14:20 | 2020-12-9 |
| 208588 | 4.3 | MEDIUM Network | mozilla | firefox firefox_esr thunderbird | It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerabilit… | CWE-1021 Improper Restriction of Rendered UI Layers or Frames | CVE-2020-26953 | 2024-11-21 14:20 | 2020-12-9 |
| 208589 | 8.8 | HIGH Network | mozilla | firefox | Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affect… | CWE-787 Out-of-bounds Write | CVE-2020-26952 | 2024-11-21 14:20 | 2020-12-9 |
| 208590 | 6.1 | MEDIUM Network | mozilla | firefox firefox_esr thunderbird | A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privilege… | CWE-79 Cross-site Scripting | CVE-2020-26951 | 2024-11-21 14:20 | 2020-12-9 |