Month: January 2021
-
CVE-2020-35112 – If a user downloaded a file lacking an extension on Windows, and then "Open"-ed …
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an …
-
CVE-2020-35111 – When an extension with the proxy permission registered to receive <all_urls>, the pr …
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for …
-
CVE-2020-26979 – When a user typed a URL in the address bar or the search bar and quickly hit the enter key …
When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event …
-
CVE-2020-26978 – Using techniques that built on the slipstream research, a malicious webpage could have exp …
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network’s hosts as well as …
-
CVE-2020-26977 – By attempting to connect a website using an unresponsive port, an attacker could have cont …
By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar …
-
CVE-2020-26976 – When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered …
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have …
-
CVE-2020-26975 – When a malicious application installed on the user’s device broadcast an Intent to Firefox …
When a malicious application installed on the user’s device broadcast an Intent to Firefox for Android, arbitrary headers could have been …
-
CVE-2020-26974 – When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have bee …
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This …
-
CVE-2020-26973 – Certain input to the CSS Sanitizer confused it, resulting in incorrect components being re …
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer …
-
CVE-2020-26972 – The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the …
The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting …
-
CVE-2020-26971 – Certain blit values provided by the user were not properly constrained leading to a heap b …
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This …
-
CVE-2020-26768 – Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerabilit …
Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied …
●●●