|
210121
|
6.5 |
MEDIUM
Network
|
mozilla
canonical
|
thunderbird
firefox_esr
firefox
ubuntu_linux
|
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived brok…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-15654
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210122
|
6.5 |
MEDIUM
Network
|
mozilla
canonical
|
thunderbird
firefox_esr
firefox
ubuntu_linux
|
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed po…
|
NVD-CWE-Other
|
CVE-2020-15653
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210123
|
6.5 |
MEDIUM
Network
|
mozilla
canonical
|
firefox
firefox_esr
thunderbird
ubuntu_linux
|
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulne…
|
CWE-346
Origin Validation Error
|
CVE-2020-15652
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210124
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < …
|
NVD-CWE-noinfo
|
CVE-2020-15651
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210125
|
5.5 |
MEDIUM
Local
|
mozilla
|
firefox_esr
|
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only a…
|
NVD-CWE-noinfo
|
CVE-2020-15650
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210126
|
5.5 |
MEDIUM
Local
|
mozilla
|
firefox_esr
|
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-15649
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210127
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-15648
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210128
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This…
|
CWE-200
Information Exposure
|
CVE-2020-15647
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210129
|
8.8 |
HIGH
Local
|
passmark
|
performancetest
osforensics
burnintest
|
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to r…
|
NVD-CWE-noinfo
|
CVE-2020-15480
|
2024-11-21 14:05 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210130
|
8.8 |
HIGH
Local
|
passmark
|
performancetest
osforensics
burnintest
|
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stac…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-15479
|
2024-11-21 14:05 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
