Search CVE reports

Toggle filters

1011 – 1020 of 2976 results

CVE-2020-15651

Medium priority
Not affected

A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.

1 affected package

firefox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not in release Not affected
Show less packages

CVE-2020-15650

Medium priority
Not affected

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android....

1 affected package

firefox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not in release Not affected
Show less packages

CVE-2020-15649

Medium priority
Not affected

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other...

7 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs60...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not in release Not affected
firefox-esr Not in release Not in release
mozjs38 Not in release Not affected
mozjs52 Not affected Not affected
mozjs60 Not in release Not in release
mozjs68 Not affected Not in release
thunderbird Not in release Not affected
Show all 7 packages Show less packages

CVE-2020-15648

Medium priority

Some fixes available 13 of 20

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.

6 affected packages

thunderbird, firefox, mozjs38, mozjs52, mozjs60, mozjs68

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Not affected Not affected Fixed Fixed
firefox Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
Show less packages

CVE-2020-15647

Medium priority
Not affected

A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox...

1 affected package

firefox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not in release Not affected
Show less packages

CVE-2020-6829

Medium priority
Fixed

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few...

2 affected packages

nss, firefox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nss Fixed Fixed
firefox Fixed Fixed
Show less packages

CVE-2020-12401

Medium priority
Fixed

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox...

2 affected packages

nss, firefox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nss Fixed Fixed
firefox Fixed Fixed
Show less packages

CVE-2020-12400

Medium priority
Fixed

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for...

2 affected packages

nss, firefox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nss Fixed Fixed
firefox Fixed Fixed
Show less packages

CVE-2020-15659

Medium priority

Some fixes available 13 of 19

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...

6 affected packages

firefox, mozjs38, mozjs60, thunderbird, mozjs52, mozjs68

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs60 Not in release Not in release Not in release Not in release
thunderbird Not affected Not affected Fixed Fixed
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
Show less packages

CVE-2020-15658

Low priority

Some fixes available 13 of 19

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown...

6 affected packages

firefox, mozjs38, thunderbird, mozjs52, mozjs60, mozjs68

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
thunderbird Not affected Not affected Fixed Fixed
mozjs52 Not in release Not in release Ignored Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
Show less packages
  1. Previous page
  2. 100
  3. 101
  4. 102
  5. 103
  6. 104
  7. Next page
Export to JSON