Mozilla » Firefox Esr : Security Vulnerabilities, CVEs, Published In 2020 (Overflow) CVSS score >= 8
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Max CVSS
9.8
EPSS Score
1.36%
Published
2020-05-26
Updated
2021-07-21
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Max CVSS
8.8
EPSS Score
1.39%
Published
2020-01-08
Updated
2023-02-01
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.
Max CVSS
8.8
EPSS Score
0.35%
Published
2020-07-09
Updated
2020-07-13
3 vulnerabilities found