Search for packages
| purl | pkg:deb/debian/firefox@70.0-1?distro=sid |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2zja-svg5-mqct | By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. |
CVE-2020-12412
|
| VCID-b67z-91x3-sug1 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11764
|
| VCID-bae9-9f51-wqac | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11760
|
| VCID-fxx3-xfat-m3bx | An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. |
CVE-2019-17000
|
| VCID-j64y-ejt3-tbe3 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11757
|
| VCID-mnt3-q341-j7gj | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11763
|
| VCID-nbvc-j1zu-v7d8 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11762
|
| VCID-nguh-j845-wbf1 | A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.* |
CVE-2019-17001
|
| VCID-nmh4-zpeh-4bcr | Multiple vulnerabilities have been found in Expat, the worst of which could result in a Denial of Service condition. |
CVE-2019-15903
|
| VCID-pzwg-wv7w-s7fv | If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. |
CVE-2019-17002
|
| VCID-rhwa-2ash-jkgh | A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. |
CVE-2019-11765
|
| VCID-tvsp-tsfk-v7eg | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11759
|
| VCID-vkpn-uuym-qkge | Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remote attackers to escalate privileges. |
CVE-2018-6156
|
| VCID-vvbx-nscf-43a7 | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. |
CVE-2019-25136
|
| VCID-wpvp-c7aw-qfhw | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11761
|