VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2020-26950HigDec 9, 2020
    risk 0.64cvss 8.8epss 0.42

    In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.

  • CVE-2020-15684CriOct 22, 2020
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.

  • CVE-2020-15683CriOct 22, 2020
    risk 0.64cvss 9.8epss 0.03

    Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2020-6831CriMay 26, 2020
    risk 0.64cvss 9.8epss 0.06

    A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

  • CVE-2020-12390CriMay 26, 2020
    risk 0.64cvss 9.8epss 0.02

    Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.

  • CVE-2020-12396CriMay 26, 2020
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2020-12395CriMay 26, 2020
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2020-6826CriApr 24, 2020
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2020-6825CriApr 24, 2020
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been…

  • CVE-2020-6823CriApr 24, 2020
    risk 0.64cvss 9.8epss 0.02

    A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75.

  • CVE-2020-6815CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2020-6814CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2019-11734CriSep 27, 2019
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects…

  • CVE-2019-11733CriSep 27, 2019
    risk 0.64cvss 9.8epss 0.01

    When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering…

  • CVE-2019-9820CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

  • CVE-2019-9819CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

  • CVE-2019-9814CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects…

  • CVE-2019-9800CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run…

  • CVE-2019-11714CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68.

  • CVE-2019-11713CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Page 11 of 159