|
208781
|
6.8 |
MEDIUM
Network
|
mozilla
|
firefox
|
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privile…
|
NVD-CWE-noinfo
|
CVE-2020-26964
|
2024-11-21 14:20 |
2020-12-9 |
|
208782
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
|
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across …
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-26962
|
2024-11-21 14:20 |
2020-12-9 |
|
208783
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox firefox_esr thunderbird
|
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped…
|
NVD-CWE-noinfo
|
CVE-2020-26961
|
2024-11-21 14:20 |
2020-12-9 |
|
208784
|
8.8 |
HIGH
Network
|
mozilla
|
firefox firefox_esr thunderbird
|
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerabili…
|
CWE-416
Use After Free
|
CVE-2020-26960
|
2024-11-21 14:20 |
2020-12-9 |
|
208785
|
8.8 |
HIGH
Network
|
mozilla
|
firefox firefox_esr thunderbird
|
During browser shutdown, reference decrementing could have occurred on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerabil…
|
CWE-416
Use After Free
|
CVE-2020-26959
|
2024-11-21 14:20 |
2020-12-9 |
|
208786
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox firefox_esr thunderbird
|
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerabili…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26958
|
2024-11-21 14:20 |
2020-12-9 |
|
208787
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affect…
|
CWE-665
Improper Initialization
|
CVE-2020-26957
|
2024-11-21 14:20 |
2020-12-9 |
|
208788
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox firefox_esr thunderbird
|
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbir…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26956
|
2024-11-21 14:20 |
2020-12-9 |
|
208789
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original…
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2020-26955
|
2024-11-21 14:20 |
2020-12-9 |
|
208790
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be u…
|
NVD-CWE-Other
|
CVE-2020-26954
|
2024-11-21 14:20 |
2020-12-9 |