| CVE-2020-26969 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety issues have been found in Firefox before 83.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with... |
| CVE-2020-26968 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety issues have been found in Firefox before 83.0 and Firefox ESR before 78.4. Some of these bugs showed evidence of memory corruption and... |
| CVE-2020-26967 |
Low |
Yes |
Incorrect calculation |
A security issue has been found in Firefox before 83.0 where, when listening for page changes with a Mutation Observer, a malicious web page could confuse... |
| CVE-2020-26965 |
Low |
No |
Information disclosure |
An information disclosure issue has been found in Firefox before 83.0. Some websites have a feature "Show Password" where clicking a button will change a... |
| CVE-2020-26963 |
Low |
Yes |
Denial of service |
A denial of service issue has been found in Firefox before 83.0, where repeated calls to the history and location interfaces could have been used to hang... |
| CVE-2020-26962 |
Low |
Yes |
Access restriction bypass |
A security issue has been found in Firefox before 83.0, where cross- origin iframes that contained a login form could have been recognized by the login... |
| CVE-2020-26961 |
Medium |
Yes |
Insufficient validation |
A security issue has been found in Firefox before 83.0 where, when DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the... |
| CVE-2020-26960 |
Medium |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before 83.0 where, if the Compact() method was called on an nsTArray, the array could have been reallocated... |
| CVE-2020-26959 |
Medium |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before 83.0 where, during browser shutdown, reference decrementing could have occurred on a previously freed... |
| CVE-2020-26958 |
Medium |
Yes |
Access restriction bypass |
Firefox before 83.0 did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This... |
| CVE-2020-26956 |
Medium |
Yes |
Cross-site scripting |
A security issue has been found in Firefox before 83.0 where, in some cases, removing HTML elements during sanitization would keep existing SVG event... |
| CVE-2020-26953 |
Medium |
Yes |
Content spoofing |
A security issue has been found in Firefox before 83.0 where it was possible to cause the browser to enter fullscreen mode without displaying the security... |
| CVE-2020-26952 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before 83.0 where incorrect bookkeeping of functions inlined during JIT compilation could have led to memory... |
| CVE-2020-26951 |
High |
Yes |
Access restriction bypass |
A parsing and event loading mismatch has been found in Firefox's SVG code before 83.0 and could have allowed load events to fire, even after sanitization.... |
| CVE-2020-16012 |
Medium |
Yes |
Information disclosure |
An information disclosure issue has been found in Firefox before 83.0 and chromium before 87.0.4280.66. When drawing a transparent image on top of an... |
| CVE-2020-15999 |
High |
Yes |
Arbitrary code execution |
A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png... |