Max CVSS 10.0 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-15903 5.0
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-r
20-10-2020 - 22:15 04-09-2019 - 06:15
CVE-2020-15678 6.8
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidat
17-10-2020 - 11:15 01-10-2020 - 19:15
CVE-2020-15669 6.8
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vu
02-10-2020 - 19:02 01-10-2020 - 19:15
CVE-2020-6514 4.3
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
22-09-2020 - 09:15 22-07-2020 - 17:15
CVE-2019-9813 6.8
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
24-08-2020 - 17:37 26-04-2019 - 17:29
CVE-2019-9811 5.1
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox <
24-08-2020 - 17:37 23-07-2019 - 14:15
CVE-2020-12421 4.3
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the u
27-07-2020 - 02:15 09-07-2020 - 15:15
CVE-2020-6831 7.5
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
23-07-2020 - 19:37 26-05-2020 - 18:15
CVE-2020-12410 9.3
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T
22-07-2020 - 16:15 09-07-2020 - 15:15
CVE-2020-6825 7.5
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of t
01-05-2020 - 16:07 24-04-2020 - 16:15
CVE-2020-6820 6.8
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR
01-05-2020 - 13:47 24-04-2020 - 16:15
CVE-2020-6814 7.5
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This
22-04-2020 - 20:15 25-03-2020 - 22:15
CVE-2019-17026 6.8
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, an
12-03-2020 - 21:15 02-03-2020 - 05:15
CVE-2020-6800 6.8
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to
12-03-2020 - 00:15 02-03-2020 - 05:15
CVE-2019-17012 6.8
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T
16-01-2020 - 19:15 08-01-2020 - 22:15
CVE-2019-9812 5.8
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that di
13-01-2020 - 19:51 08-01-2020 - 22:15
CVE-2019-11708 10.0
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vuln
15-08-2019 - 18:15 23-07-2019 - 14:15
CVE-2019-9820 7.5
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
26-07-2019 - 16:15 23-07-2019 - 14:15
Back to Top Mark selected
Back to Top