|
196291
|
8.8 |
HIGH
Network
|
mozilla
canonical
|
thunderbird
firefox
firefox_esr
ubuntu_linux
|
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enoug…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6800
|
2024-11-21 14:36 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196292
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
firefox_esr
|
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a gi…
|
CWE-88
Argument Injection
|
CVE-2020-6799
|
2024-11-21 14:36 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196293
|
6.1 |
MEDIUM
Network
|
mozilla
|
thunderbird
firefox
firefox_esr
|
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6798
|
2024-11-21 14:36 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196294
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download …
|
CWE-20
Improper Input Validation
|
CVE-2020-6797
|
2024-11-21 14:36 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196295
|
6.5 |
MEDIUM
Network
|
mozilla
|
thunderbird
|
When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects …
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-6795
|
2024-11-21 14:36 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196296
|
6.5 |
MEDIUM
Network
|
mozilla
canonical
|
thunderbird
ubuntu_linux
|
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was no…
|
CWE-312
CWE-459
CWE-522
Cleartext Storage of Sensitive Information
Incomplete Cleanup
Insufficiently Protected Credentials
|
CVE-2020-6794
|
2024-11-21 14:36 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196297
|
6.5 |
MEDIUM
Network
|
mozilla
|
thunderbird
|
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-6793
|
2024-11-21 14:36 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196298
|
4.3 |
MEDIUM
Network
|
mozilla
canonical
|
thunderbird
ubuntu_linux
|
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5.
|
CWE-908
CWE-909
Use of Uninitialized Resource
Missing Initialization of Resource
|
CVE-2020-6792
|
2024-11-21 14:36 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196299
|
6.1 |
MEDIUM
Network
|
mozilla
|
webthings_gateway
|
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attack…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6804
|
2024-11-21 14:36 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196300
|
6.1 |
MEDIUM
Network
|
mozilla
|
webthings_gateway
|
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
|
CWE-601
Open Redirect
|
CVE-2020-6803
|
2024-11-21 14:36 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
