CVE-2020-15654

MEDIUM Year: 2020
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-835
View all →

Vulnerability Description

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Related Vulnerabilities

CVE-2010-1282

MEDIUM
CVSS:6.5(Medium)

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

CWE-8352010

CVE-2015-5239

MEDIUM
CVSS:6.5(Medium)

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

CWE-8352015

CVE-2015-5278

MEDIUM
CVSS:6.5(Medium)

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors re...

CWE-8352015

CVE-2015-5694

MEDIUM
CVSS:6.5(Medium)

Designate does not enforce the DNS protocol limit concerning record set sizes

CWE-8352015

CVE-2015-7850

MEDIUM
CVSS:6.5(Medium)

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.

CWE-8352015