VDB
GCVE-110-MAGEIA-2020-433
GCVE-110-MAGEIA-2020-433
Advisory Published
Variable time processing of cross-origin images during drawImage calls.
(CVE-2020-16012)
Parsing mismatches could confuse and bypass security sanitizer for chrome
privileged code. (CVE-2020-26951)
Fullscreen could be enabled without displaying the security UI. (CVE-2020-26953)
XSS through paste (manual and clipboard API). (CVE-2020-26956)
Requests intercepted through ServiceWorkers lacked MIME type restrictions.
(CVE-2020-26958)
Use-after-free in WebRequestService. (CVE-2020-26959)
Potential use-after-free in uses of nsTArray. (CVE-2020-26960)
DoH did not filter IPv4 mapped IP Addresses. (CVE-2020-26961)
Software keyboards may have remembered typed passwords. (CVE-2020-26965)
Memory safety bugs fixed in Thunderbird 78.5. (CVE-2020-26968)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | thunderbird-l10n | 78.5.0-1.mga7 (unaffected), 0 (affected) | — |
| Mageia | thunderbird | 0 (affected), 78.5.0-1.mga7 (unaffected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.