VulnerableCode Package Details - pkg:alpm/archlinux/firefox@83.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1frd-d76n-13fm	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-26965
VCID-436x-mrs7-q3gk	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-26960
VCID-83xt-ng2x-zugv	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-26953
VCID-8jzn-g96u-tudw	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-26956
VCID-8tmx-53k3-pbfj	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-26961
VCID-a66n-msy9-d3f9	Mozilla developers Tyson Smith, Aaron Klotz, David Major and Jason Kratzer reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2020-26969
VCID-dhed-rfz6-ffe9	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-26951
VCID-dsaw-xa6k-4yfw	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-26968
VCID-ervb-z282-7kdy	When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code.	CVE-2020-26967
VCID-f3ws-d8fh-9ucz	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-26959
VCID-nx21-ks3v-53e4	Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d	CVE-2020-15999 GHSA-pv36-h7jh-qm62
VCID-sb4d-y4bp-k3h9	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-26958
VCID-ufy5-eyqn-ybfw	Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation.	CVE-2020-26962
VCID-uhjp-n763-cfc9	Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls.	CVE-2020-26963
VCID-v26p-ngz2-tkcd	Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors.	CVE-2020-26952
VCID-yg7c-ar4c-w3fn	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2020-16012

Vulnerability

Summary

Aliases

VCID-1frd-d76n-13fm

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-26965

VCID-436x-mrs7-q3gk

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-26960

VCID-83xt-ng2x-zugv

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-26953

VCID-8jzn-g96u-tudw

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-26956

VCID-8tmx-53k3-pbfj

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-26961

VCID-a66n-msy9-d3f9

Mozilla developers Tyson Smith, Aaron Klotz, David Major and Jason Kratzer reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2020-26969

VCID-dhed-rfz6-ffe9

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-26951

VCID-dsaw-xa6k-4yfw

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-26968

VCID-ervb-z282-7kdy

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code.

CVE-2020-26967

VCID-f3ws-d8fh-9ucz

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-26959

VCID-nx21-ks3v-53e4

Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d

CVE-2020-15999
GHSA-pv36-h7jh-qm62

VCID-sb4d-y4bp-k3h9

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-26958

VCID-ufy5-eyqn-ybfw

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation.

CVE-2020-26962

VCID-uhjp-n763-cfc9

Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls.

CVE-2020-26963

VCID-v26p-ngz2-tkcd

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors.

CVE-2020-26952

VCID-yg7c-ar4c-w3fn

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

CVE-2020-16012

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-07T13:59:06.937125+00:00	Arch Linux Importer	Fixing	VCID-nx21-ks3v-53e4	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.925434+00:00	Arch Linux Importer	Fixing	VCID-yg7c-ar4c-w3fn	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.914076+00:00	Arch Linux Importer	Fixing	VCID-dhed-rfz6-ffe9	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.903190+00:00	Arch Linux Importer	Fixing	VCID-v26p-ngz2-tkcd	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.890562+00:00	Arch Linux Importer	Fixing	VCID-83xt-ng2x-zugv	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.878495+00:00	Arch Linux Importer	Fixing	VCID-8jzn-g96u-tudw	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.867655+00:00	Arch Linux Importer	Fixing	VCID-sb4d-y4bp-k3h9	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.852092+00:00	Arch Linux Importer	Fixing	VCID-f3ws-d8fh-9ucz	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.837617+00:00	Arch Linux Importer	Fixing	VCID-436x-mrs7-q3gk	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.825904+00:00	Arch Linux Importer	Fixing	VCID-8tmx-53k3-pbfj	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.813725+00:00	Arch Linux Importer	Fixing	VCID-ufy5-eyqn-ybfw	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.800158+00:00	Arch Linux Importer	Fixing	VCID-uhjp-n763-cfc9	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.779058+00:00	Arch Linux Importer	Fixing	VCID-1frd-d76n-13fm	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.766461+00:00	Arch Linux Importer	Fixing	VCID-ervb-z282-7kdy	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.754202+00:00	Arch Linux Importer	Fixing	VCID-dsaw-xa6k-4yfw	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-07T13:59:06.739545+00:00	Arch Linux Importer	Fixing	VCID-a66n-msy9-d3f9	https://security.archlinux.org/AVG-1279	38.1.0
2026-04-01T18:24:19.684987+00:00	Arch Linux Importer	Fixing	VCID-nx21-ks3v-53e4	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.661358+00:00	Arch Linux Importer	Fixing	VCID-yg7c-ar4c-w3fn	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.637698+00:00	Arch Linux Importer	Fixing	VCID-dhed-rfz6-ffe9	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.615678+00:00	Arch Linux Importer	Fixing	VCID-v26p-ngz2-tkcd	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.592345+00:00	Arch Linux Importer	Fixing	VCID-83xt-ng2x-zugv	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.566881+00:00	Arch Linux Importer	Fixing	VCID-8jzn-g96u-tudw	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.541196+00:00	Arch Linux Importer	Fixing	VCID-sb4d-y4bp-k3h9	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.513752+00:00	Arch Linux Importer	Fixing	VCID-f3ws-d8fh-9ucz	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.489504+00:00	Arch Linux Importer	Fixing	VCID-436x-mrs7-q3gk	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.464515+00:00	Arch Linux Importer	Fixing	VCID-8tmx-53k3-pbfj	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.439512+00:00	Arch Linux Importer	Fixing	VCID-ufy5-eyqn-ybfw	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.412697+00:00	Arch Linux Importer	Fixing	VCID-uhjp-n763-cfc9	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.387980+00:00	Arch Linux Importer	Fixing	VCID-1frd-d76n-13fm	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.362251+00:00	Arch Linux Importer	Fixing	VCID-ervb-z282-7kdy	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.339455+00:00	Arch Linux Importer	Fixing	VCID-dsaw-xa6k-4yfw	https://security.archlinux.org/AVG-1279	38.0.0
2026-04-01T18:24:19.317102+00:00	Arch Linux Importer	Fixing	VCID-a66n-msy9-d3f9	https://security.archlinux.org/AVG-1279	38.0.0

2026-04-07T13:59:06.937125+00:00

Arch Linux Importer

Fixing