CVE search results

961 – 970 of 2924 results

Detailed view

Sort by:

CVE-2020-15649

Medium priority

Not affected

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other...

7 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs60...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	Not in release	Not affected
firefox-esr	—	—	Not in release	Not in release
mozjs38	—	—	Not in release	Not affected
mozjs52	—	—	Not affected	Not affected
mozjs60	—	—	Not in release	Not in release
mozjs68	—	—	Not affected	Not in release
thunderbird	—	—	Not in release	Not affected

CVE-2020-15648

Medium priority

Some fixes available 13 of 20

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.

6 affected packages

thunderbird, firefox, mozjs38, mozjs52, mozjs60, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Not affected	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15647

Medium priority

Not affected

A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox...

1 affected package

firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	Not in release	Not affected

CVE-2020-6829

Medium priority

Fixed

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few...

2 affected packages

nss, firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nss	—	—	Fixed	Fixed
firefox	—	—	Fixed	Fixed

CVE-2020-12401

Medium priority

Fixed

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox...

2 affected packages

nss, firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nss	—	—	Fixed	Fixed
firefox	—	—	Fixed	Fixed

CVE-2020-12400

Medium priority

Fixed

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for...

2 affected packages

nss, firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nss	—	—	Fixed	Fixed
firefox	—	—	Fixed	Fixed

CVE-2020-15659

Medium priority

Some fixes available 13 of 19

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...

6 affected packages

firefox, mozjs38, mozjs60, thunderbird, mozjs52, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Fixed	Fixed
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15658

Low priority

Some fixes available 13 of 19

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown...

6 affected packages

firefox, mozjs38, thunderbird, mozjs52, mozjs60, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
thunderbird	Not affected	Not affected	Fixed	Fixed
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15656

Medium priority

Some fixes available 13 of 19

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity....

6 affected packages

thunderbird, firefox, mozjs38, mozjs52, mozjs60, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Not affected	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15655

Medium priority

Some fixes available 13 of 19

A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox...

6 affected packages

mozjs38, mozjs60, mozjs68, firefox, mozjs52, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
firefox	Fixed	Fixed	Fixed	Fixed
mozjs52	Not in release	Not in release	Ignored	Ignored
thunderbird	Not affected	Not affected	Fixed	Fixed

Export to JSON

Results by page:

Search CVE reports