Mozilla: >> Firefox >> 0.8 Security Vulnerabilities
The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-02-26
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-02-26
The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-02-26
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-02-26
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
CVSS Score
7.4
EPSS Score
0.004
Published
2021-02-26
Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-02-26
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-02-26
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-02-26
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVSS Score
6.5
EPSS Score
0.007
Published
2021-02-26
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-02-26