Mozilla

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-12395 2Canonical Mozilla 4Firefox Firefox EsrThunderbird+1 more Jun 17, 2026 May 26, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes...Show more Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.Show less
CVE-2020-12394 1Mozilla 1Firefox Jun 17, 2026 May 26, 2020 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Fire...Show more A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.Show less
CVE-2020-12393 1Mozilla 3Firefox Firefox EsrThunderbird Jun 17, 2026 May 26, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a te...Show more The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.Show less
CVE-2020-12397 2Canonical Mozilla 2Thunderbird Ubuntu Linux Jun 17, 2026 May 22, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.
CVE-2020-6828 1Mozilla 1Firefox Esr Jun 17, 2026 Apr 24, 2020 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this wou...Show more A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> Note: This issue only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 68.7.Show less
CVE-2020-6827 1Mozilla 1Firefox Esr Jun 17, 2026 Apr 24, 2020 N/A· v4 4.7 MEDIUM· v3 4.3 MEDIUM· v2 When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> Note: This issue only affects Firefox for Andro...Show more When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.Show less
CVE-2020-6826 1Mozilla 1Firefox Jun 17, 2026 Apr 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of th...Show more Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 75.Show less
CVE-2020-6825 1Mozilla 3Firefox Firefox EsrThunderbird Jun 17, 2026 Apr 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume tha...Show more Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.Show less
CVE-2020-6824 1Mozilla 1Firefox Jun 17, 2026 Apr 24, 2020 N/A· v4 2.8 LOW· v3 1.9 LOW· v2 Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window,...Show more Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox < 75.Show less
CVE-2020-6823 1Mozilla 1Firefox Jun 17, 2026 Apr 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the s...Show more A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75.Show less
CVE-2020-6822 1Mozilla 3Firefox Firefox EsrThunderbird Jun 17, 2026 Apr 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary...Show more On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.Show less
CVE-2020-6821 1Mozilla 3Firefox Firefox EsrThunderbird Jun 17, 2026 Apr 24, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized,...Show more When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.Show less
CVE-2020-6820 1Mozilla 2Firefox Thunderbird Jun 17, 2026 Apr 24, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Fire...Show more Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.Show less
CVE-2020-6819 1Mozilla 2Firefox Thunderbird Jun 17, 2026 Apr 24, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7...Show more Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.Show less
CVE-2020-6815 1Mozilla 1Firefox Jun 17, 2026 Mar 25, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of th...Show more Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74.Show less
CVE-2020-6814 2Canonical Mozilla 4Firefox Firefox EsrThunderbird+1 more Jun 17, 2026 Mar 25, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploit...Show more Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.Show less
CVE-2020-6813 1Mozilla 1Firefox Jun 17, 2026 Mar 25, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy...Show more When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.Show less
CVE-2020-6812 2Canonical Mozilla 4Firefox Firefox EsrThunderbird+1 more Jun 17, 2026 Mar 25, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosin...Show more The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.Show less
CVE-2020-6811 2Canonical Mozilla 4Firefox Firefox EsrThunderbird+1 more Jun 17, 2026 Mar 25, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a te...Show more The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.Show less
CVE-2020-6810 1Mozilla 1Firefox Jun 17, 2026 Mar 25, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this coul...Show more After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74.Show less

Previous 1...646566...180 Next