VDB

GCVE-110-MAGEIA-2020-433

GCVE-110-MAGEIA-2020-433
Advisory Published
Vulnetix · Advisory published November 21, 2020
Variable time processing of cross-origin images during drawImage calls. (CVE-2020-16012) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code. (CVE-2020-26951) Fullscreen could be enabled without displaying the security UI. (CVE-2020-26953) XSS through paste (manual and clipboard API). (CVE-2020-26956) Requests intercepted through ServiceWorkers lacked MIME type restrictions. (CVE-2020-26958) Use-after-free in WebRequestService. (CVE-2020-26959) Potential use-after-free in uses of nsTArray. (CVE-2020-26960) DoH did not filter IPv4 mapped IP Addresses. (CVE-2020-26961) Software keyboards may have remembered typed passwords. (CVE-2020-26965) Memory safety bugs fixed in Thunderbird 78.5. (CVE-2020-26968)

Affected Products

VendorProductVersionsPlatforms
Mageiathunderbird-l10n78.5.0-1.mga7 (unaffected), 0 (affected)
Mageiathunderbird0 (affected), 78.5.0-1.mga7 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›