CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6815
https://notcve.org/view.php?id=CVE-2020-6815
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria y seguridad de scripts presentes en Firefox versión 73. Algunos de estos bugs mostraron evidencia de corrupción de la memoria o escalada de privilegios y presumimos que con un esfuerzo suficiente algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1181957%2C1557732%2C1557739%2C1611457%2C1612431 https://www.mozilla.org/security/advisories/mfsa2020-08 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6809
https://notcve.org/view.php?id=CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. Cuando una Web Extension tenía el permiso de todas las direcciones URL y realizaba una petición de extracción con un modo establecido en "same-origin", era posible que la Web Extension lea archivos locales. Esta vulnerabilidad afecta a Firefox versiones anteriores a 74. • https://bugzilla.mozilla.org/show_bug.cgi?id=1420296 https://www.mozilla.org/security/advisories/mfsa2020-08 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6812 – Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
https://notcve.org/view.php?id=CVE-2020-6812
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1616661 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-08 https://www.mozilla.org/security/advisories/mfsa2020-09 https://www.mozilla.org/security/advisories/mfsa2020-10 https://access.redhat.com/security/cve/CVE-2020-6812 https://bugzilla.redhat.com/show_bug.cgi?id=1812204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6801
https://notcve.org/view.php?id=CVE-2020-6801
Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 73. Los desarrolladores de Mozilla han reportado bugs de seguridad de la memoria presentes en Firefox versión 72. Algunos de estos bugs mostraron evidencias de corrupción de memoria y presumimos que con esfuerzo suficiente algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1601024%2C1601712%2C1604836%2C1606492 https://usn.ubuntu.com/4278-2 https://www.mozilla.org/security/advisories/mfsa2020-05 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5594
https://notcve.org/view.php?id=CVE-2013-5594
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding Mozilla Firefox versiones anteriores a 25, permite una modificación del contenido anónimo del enlace del archivo pluginProblem.xml • https://bugzilla.mozilla.org/show_bug.cgi?id=914618 https://nki.gov.hu/en/figyelmeztetesek/serulekenysegek/mozilla-firefox-tobbszoros-serulekenysege-2 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •