Mozilla

Firefox ESR

755 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2020-12418

  • EPSS 1.24%
  • Veröffentlicht 09.07.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:41

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

9.3

CVE-2020-12419

  • EPSS 0.46%
  • Veröffentlicht 09.07.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:41

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability ...

9.3

CVE-2020-12420

Exploit
  • EPSS 0.44%
  • Veröffentlicht 09.07.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:41

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird...

4.4

CVE-2020-12399

  • EPSS 0.1%
  • Veröffentlicht 09.07.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 04:59:38

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

5.3

CVE-2020-12405

Exploit
  • EPSS 0.66%
  • Veröffentlicht 09.07.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 04:59:39

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

10

CVE-2020-12388

  • EPSS 0.71%
  • Veröffentlicht 26.05.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:37

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.

10

CVE-2020-12389

  • EPSS 0.55%
  • Veröffentlicht 26.05.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:37

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.

5.5

CVE-2020-12392

  • EPSS 0.16%
  • Veröffentlicht 26.05.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:37

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resul...

9.8

CVE-2020-6831

  • EPSS 6.27%
  • Veröffentlicht 26.05.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:36:15

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

8.1

CVE-2020-12387

  • EPSS 1%
  • Veröffentlicht 26.05.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 04:59:37

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.