|
211371
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects F…
|
NVD-CWE-noinfo
|
CVE-2020-26977
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211372
|
6.5 |
MEDIUM
Network
|
mozilla
debian
|
firefox
debian_linux
|
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe …
|
NVD-CWE-noinfo
|
CVE-2020-26976
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211373
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authori…
|
NVD-CWE-noinfo
|
CVE-2020-26975
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211374
|
8.8 |
HIGH
Network
|
mozilla
|
firefox_esr
thunderbird
firefox
|
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a poten…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26974
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211375
|
8.8 |
HIGH
Network
|
mozilla
|
firefox_esr
thunderbird
firefox
|
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird …
|
NVD-CWE-noinfo
|
CVE-2020-26973
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211376
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check w…
|
CWE-416
Use After Free
|
CVE-2020-26972
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211377
|
8.8 |
HIGH
Network
|
mozilla
|
firefox_esr
thunderbird
firefox
|
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefo…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26971
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211378
|
6.1 |
MEDIUM
Network
|
formstone
|
formstone
|
Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A …
|
CWE-79
Cross-site Scripting
|
CVE-2020-26768
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211379
|
5.3 |
MEDIUM
Network
|
redlion
|
crimson
|
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2020-27283
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211380
|
7.5 |
HIGH
Network
|
redlion
|
crimson
|
A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build version…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-27279
|
2024-11-21 14:20 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
