VulnerableCode Package Details - pkg:alpm/archlinux/firefox@82.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-399u-qwkh-aaaa	When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.	CVE-2020-15681
VCID-4x9u-r2c9-aaap	Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.	CVE-2020-15683
VCID-5n7x-62df-aaan	If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82.	CVE-2020-15680
VCID-6rch-5a19-aaak	Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.	CVE-2020-15684
VCID-hmeb-2gjt-aaag	Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	CVE-2020-15969
VCID-nxf6-b31u-aaac	Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.	CVE-2020-15254 GHSA-v5m7-53cv-f3hx
VCID-q7tp-8ke6-aaaj	When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82.	CVE-2020-15682

Vulnerability

Summary

Aliases

VCID-399u-qwkh-aaaa

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.

CVE-2020-15681

VCID-4x9u-r2c9-aaap

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

CVE-2020-15683

VCID-5n7x-62df-aaan

If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82.

CVE-2020-15680

VCID-6rch-5a19-aaak

Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.

CVE-2020-15684

VCID-hmeb-2gjt-aaag

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-15969

VCID-nxf6-b31u-aaac

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.

CVE-2020-15254
GHSA-v5m7-53cv-f3hx

VCID-q7tp-8ke6-aaaj

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82.

CVE-2020-15682

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:15.426946+00:00	Arch Linux Importer	Fixing	VCID-nxf6-b31u-aaac	https://security.archlinux.org/AVG-1256	36.0.0
2025-03-28T07:44:15.394270+00:00	Arch Linux Importer	Fixing	VCID-5n7x-62df-aaan	https://security.archlinux.org/AVG-1256	36.0.0
2025-03-28T07:44:15.358831+00:00	Arch Linux Importer	Fixing	VCID-399u-qwkh-aaaa	https://security.archlinux.org/AVG-1256	36.0.0
2025-03-28T07:44:15.323713+00:00	Arch Linux Importer	Fixing	VCID-q7tp-8ke6-aaaj	https://security.archlinux.org/AVG-1256	36.0.0
2025-03-28T07:44:15.289148+00:00	Arch Linux Importer	Fixing	VCID-4x9u-r2c9-aaap	https://security.archlinux.org/AVG-1256	36.0.0
2025-03-28T07:44:15.253674+00:00	Arch Linux Importer	Fixing	VCID-6rch-5a19-aaak	https://security.archlinux.org/AVG-1256	36.0.0
2025-03-28T07:44:15.222893+00:00	Arch Linux Importer	Fixing	VCID-hmeb-2gjt-aaag	https://security.archlinux.org/AVG-1256	36.0.0
2024-09-18T01:59:21.575070+00:00	Arch Linux Importer	Fixing	VCID-nxf6-b31u-aaac	https://security.archlinux.org/AVG-1256	34.0.1
2024-09-18T01:59:21.549350+00:00	Arch Linux Importer	Fixing	VCID-5n7x-62df-aaan	https://security.archlinux.org/AVG-1256	34.0.1
2024-09-18T01:59:21.524014+00:00	Arch Linux Importer	Fixing	VCID-399u-qwkh-aaaa	https://security.archlinux.org/AVG-1256	34.0.1
2024-09-18T01:59:21.497597+00:00	Arch Linux Importer	Fixing	VCID-q7tp-8ke6-aaaj	https://security.archlinux.org/AVG-1256	34.0.1
2024-09-18T01:59:21.471927+00:00	Arch Linux Importer	Fixing	VCID-4x9u-r2c9-aaap	https://security.archlinux.org/AVG-1256	34.0.1
2024-09-18T01:59:21.445278+00:00	Arch Linux Importer	Fixing	VCID-6rch-5a19-aaak	https://security.archlinux.org/AVG-1256	34.0.1
2024-09-18T01:59:21.419259+00:00	Arch Linux Importer	Fixing	VCID-hmeb-2gjt-aaag	https://security.archlinux.org/AVG-1256	34.0.1
2024-01-20T12:06:19.812726+00:00	Arch Linux Importer	Fixing	VCID-nxf6-b31u-aaac	https://security.archlinux.org/AVG-1256	34.0.0rc2
2024-01-20T12:06:19.790724+00:00	Arch Linux Importer	Fixing	VCID-5n7x-62df-aaan	https://security.archlinux.org/AVG-1256	34.0.0rc2
2024-01-20T12:06:19.768874+00:00	Arch Linux Importer	Fixing	VCID-399u-qwkh-aaaa	https://security.archlinux.org/AVG-1256	34.0.0rc2
2024-01-20T12:06:19.746933+00:00	Arch Linux Importer	Fixing	VCID-q7tp-8ke6-aaaj	https://security.archlinux.org/AVG-1256	34.0.0rc2
2024-01-20T12:06:19.725091+00:00	Arch Linux Importer	Fixing	VCID-4x9u-r2c9-aaap	https://security.archlinux.org/AVG-1256	34.0.0rc2
2024-01-20T12:06:19.703170+00:00	Arch Linux Importer	Fixing	VCID-6rch-5a19-aaak	https://security.archlinux.org/AVG-1256	34.0.0rc2
2024-01-20T12:06:19.681233+00:00	Arch Linux Importer	Fixing	VCID-hmeb-2gjt-aaag	https://security.archlinux.org/AVG-1256	34.0.0rc2
2024-01-03T22:25:39.300540+00:00	Arch Linux Importer	Fixing	VCID-nxf6-b31u-aaac	https://security.archlinux.org/AVG-1256	34.0.0rc1
2024-01-03T22:25:39.279314+00:00	Arch Linux Importer	Fixing	VCID-5n7x-62df-aaan	https://security.archlinux.org/AVG-1256	34.0.0rc1
2024-01-03T22:25:39.258265+00:00	Arch Linux Importer	Fixing	VCID-399u-qwkh-aaaa	https://security.archlinux.org/AVG-1256	34.0.0rc1
2024-01-03T22:25:39.237214+00:00	Arch Linux Importer	Fixing	VCID-q7tp-8ke6-aaaj	https://security.archlinux.org/AVG-1256	34.0.0rc1
2024-01-03T22:25:39.216095+00:00	Arch Linux Importer	Fixing	VCID-4x9u-r2c9-aaap	https://security.archlinux.org/AVG-1256	34.0.0rc1
2024-01-03T22:25:39.192038+00:00	Arch Linux Importer	Fixing	VCID-6rch-5a19-aaak	https://security.archlinux.org/AVG-1256	34.0.0rc1
2024-01-03T22:25:39.165241+00:00	Arch Linux Importer	Fixing	VCID-hmeb-2gjt-aaag	https://security.archlinux.org/AVG-1256	34.0.0rc1

2025-03-28T07:44:15.426946+00:00

Arch Linux Importer

Fixing