For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can’t call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.
Published at: July 09, 2020 at 11:15AM
View on website
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Published at: July 09, 2020 at 11:15AM
View on website
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Published at: July 09, 2020 at 11:15AM
View on website
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77.
Published at: July 09, 2020 at 11:15AM
View on website
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77.
Published at: July 09, 2020 at 11:15AM
View on website
Educ Arte Económico 