| CVE-2020-12411 |
High |
Yes |
Arbitrary code execution |
Mozilla developers :Gijs (he/him), Randell Jesup reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption... |
| CVE-2020-12410 |
High |
Yes |
Arbitrary code execution |
Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76, Firefox ESR 68.8 and Thunderbird before 68.9.0. Some of... |
| CVE-2020-12409 |
Low |
Yes |
Content spoofing |
When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. |
| CVE-2020-12408 |
Low |
Yes |
Content spoofing |
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. |
| CVE-2020-12407 |
Medium |
Yes |
Denial of service |
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The... |
| CVE-2020-12406 |
High |
Yes |
Arbitrary code execution |
Mozilla Developer Iain Ireland discovered a missing type check in Firefox before 77.0 and Thunderbird before 68.9.0 during unboxed objects removal,... |
| CVE-2020-12405 |
High |
Yes |
Denial of service |
When browsing a malicious page in Firefox before 77.0 and Thunderbird before 68.9.0, a race condition in our SharedWorkerService could occur and lead to a... |
| CVE-2020-12399 |
High |
Yes |
Private key recovery |
NSS before 3.52.1, as used in Firefox before 77.0 and Thunderbird before 68.9.0, has shown timing differences when performing DSA signatures, which was... |