AVG-1279

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 82.0.3-1
Fixed 83.0-1
Current 133.0.3-2 [extra]
Ticket None
Created Tue Nov 17 18:15:06 2020
Issue Severity Remote Type Description
CVE-2020-26969 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 83.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2020-26968 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 83.0 and Firefox ESR before 78.4. Some of these bugs showed evidence of memory corruption and...
CVE-2020-26967 Low Yes Incorrect calculation
A security issue has been found in Firefox before 83.0 where, when listening for page changes with a Mutation Observer, a malicious web page could confuse...
CVE-2020-26965 Low No Information disclosure
An information disclosure issue has been found in Firefox before 83.0. Some websites have a feature "Show Password" where clicking a button will change a...
CVE-2020-26963 Low Yes Denial of service
A denial of service issue has been found in Firefox before 83.0, where repeated calls to the history and location interfaces could have been used to hang...
CVE-2020-26962 Low Yes Access restriction bypass
A security issue has been found in Firefox before 83.0, where cross-origin iframes that contained a login form could have been recognized by the login...
CVE-2020-26961 Medium Yes Insufficient validation
A security issue has been found in Firefox before 83.0 where, when DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the...
CVE-2020-26960 Medium Yes Arbitrary code execution
A security issue has been found in Firefox before 83.0 where, if the Compact() method was called on an nsTArray, the array could have been reallocated...
CVE-2020-26959 Medium Yes Arbitrary code execution
A security issue has been found in Firefox before 83.0 where, during browser shutdown, reference decrementing could have occurred on a previously freed...
CVE-2020-26958 Medium Yes Access restriction bypass
Firefox before 83.0 did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This...
CVE-2020-26956 Medium Yes Cross-site scripting
A security issue has been found in Firefox before 83.0 where, in some cases, removing HTML elements during sanitization would keep existing SVG event...
CVE-2020-26953 Medium Yes Content spoofing
A security issue has been found in Firefox before 83.0 where it was possible to cause the browser to enter fullscreen mode without displaying the security...
CVE-2020-26952 High Yes Arbitrary code execution
A security issue has been found in Firefox before 83.0 where incorrect bookkeeping of functions inlined during JIT compilation could have led to memory...
CVE-2020-26951 High Yes Access restriction bypass
A parsing and event loading mismatch has been found in Firefox's SVG code before 83.0 and could have allowed load events to fire, even after sanitization....
CVE-2020-16012 Medium Yes Information disclosure
An information disclosure issue has been found in Firefox before 83.0 and chromium before 87.0.4280.66. When drawing a transparent image on top of an...
CVE-2020-15999 High Yes Arbitrary code execution
A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png...
Date Advisory Package Type
17 Nov 2020 ASA-202011-12 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/