CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15681
https://notcve.org/view.php?id=CVE-2020-15681
22 Oct 2020 — When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. Cuando múltiples subprocesos WASM presentaban una referencia a un módulo y buscaban funciones exportadas, un subproceso WASM podría haber sobrescrito la entrada de otro en una tabla de códigos auxiliares compartida, lo que resultó en un bloqueo poten... • https://bugzilla.mozilla.org/show_bug.cgi?id=1666568 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15682
https://notcve.org/view.php?id=CVE-2020-15682
22 Oct 2020 — When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82. Cuando se hacía clic en un enlace a un protocolo externo, ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1636654 • CWE-346: Origin Validation Error •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15684
https://notcve.org/view.php?id=CVE-2020-15684
22 Oct 2020 — Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. Los desarrolladores de Mozilla informaron bugs de seguridad de la memoria presentes en Firefox versión 81. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían h... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1653764%2C1661402%2C1662259%2C1664257 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15683 – Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
https://notcve.org/view.php?id=CVE-2020-15683
22 Oct 2020 — Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 81 y Firefox ESR versi... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15663
https://notcve.org/view.php?id=CVE-2020-15663
01 Oct 2020 — If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are un... • https://bugzilla.mozilla.org/show_bug.cgi?id=1643199 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15667
https://notcve.org/view.php?id=CVE-2020-15667
01 Oct 2020 — When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. Cuando se procesa un archivo de actualización MAR, después de que haya sido comprobada la firma, una longitud de nombre no válida podría resultar en un desbor... • https://bugzilla.mozilla.org/show_bug.cgi?id=1653371 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15670
https://notcve.org/view.php?id=CVE-2020-15670
01 Oct 2020 — Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. Los desarrolladores de Mozilla reportaron de unos bugs de seguridad de la memoria presentes en Firefox para Android versión 79. Algunos de estos bugs han mostrad... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1651001%2C1653626%2C1656957 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free CWE-617: Reachable Assertion •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15671
https://notcve.org/view.php?id=CVE-2020-15671
01 Oct 2020 — When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80. Cuando se escribe una contraseña bajo determinadas condiciones, es posible que se haya producido una carrera en la que InputContext no estaba siendo ajustado correctamente para el campo de entrada, resultando en que la contraseña escrita s... • https://bugzilla.mozilla.org/show_bug.cgi?id=1653862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15674
https://notcve.org/view.php?id=CVE-2020-15674
01 Oct 2020 — Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. Los desarrolladores de Mozilla reportaron unos bugs de seguridad de la memoria presentes en Firefox versión 80. Algunos de estos bugs han mostrado evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos p... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1656063%2C1656064%2C1656067%2C1660293 • CWE-667: Improper Locking CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15675
https://notcve.org/view.php?id=CVE-2020-15675
01 Oct 2020 — When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. Cuando se procesan superficies, la vida útil puede durar más tiempo ante un búfer persistente conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 81 • https://bugzilla.mozilla.org/show_bug.cgi?id=1654211 • CWE-416: Use After Free •