CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26957
https://notcve.org/view.php?id=CVE-2020-26957
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. • https://bugzilla.mozilla.org/show_bug.cgi?id=1667179 https://www.mozilla.org/security/advisories/mfsa2020-50 • CWE-665: Improper Initialization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26955
https://notcve.org/view.php?id=CVE-2020-26955
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. Cuando un usuario descargaba un archivo en Firefox para Android, si una cookie es ajustada, ésta habría sido reenviada durante una operación posterior de descarga de archivos en el mismo dominio, independientemente de si la petición original y posterior se encontraban en modos de navegación privados y no privados. • https://bugzilla.mozilla.org/show_bug.cgi?id=1663261 https://www.mozilla.org/security/advisories/mfsa2020-50 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26954
https://notcve.org/view.php?id=CVE-2020-26954
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. • https://bugzilla.mozilla.org/show_bug.cgi?id=1657026 https://www.mozilla.org/security/advisories/mfsa2020-50 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26952
https://notcve.org/view.php?id=CVE-2020-26952
Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83. Una contabilización incorrecta de las funciones en línea durante la compilación de JIT podría haber conllevado a una corrupción de la memoria y a un bloqueo potencialmente explotable cuando se manejan errores fuera de la memoria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 83 • https://bugzilla.mozilla.org/show_bug.cgi?id=1667685 https://www.mozilla.org/security/advisories/mfsa2020-50 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26953 – Mozilla: Fullscreen could be enabled without displaying the security UI
https://notcve.org/view.php?id=CVE-2020-26953
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Fue posible causar que el navegador entre en modo de pantalla completa sin mostrar la interfaz de seguridad, lo que permite intentar un ataque de phishing o confundir de alguna manera al usuario. Esta vulnerabilidad afecta a Firefox versiones anteriores a 83, Firefox ESR versiones anteriores a 78.5, y Thunderbird versiones anteriores a 78.5 • https://bugzilla.mozilla.org/show_bug.cgi?id=1656741 https://www.mozilla.org/security/advisories/mfsa2020-50 https://www.mozilla.org/security/advisories/mfsa2020-51 https://www.mozilla.org/security/advisories/mfsa2020-52 https://access.redhat.com/security/cve/CVE-2020-26953 https://bugzilla.redhat.com/show_bug.cgi?id=1898733 • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-1021: Improper Restriction of Rendered UI Layers or Frames •