Achievement unlocked: Bitcoin Cash fixed all common third-party transaction malleation vectors

Canonically encoded ECDSA signatures: Non-DER encoded ECDSA signatures are prohibited since the activation of BIP 66 in July 2015.

Non-push operations in scriptSig: Non-push operations in signature scripts are prohibited since the November 2018 Bitcoin Cash network upgrade. Bitcoin Core still accepts them.

Push operations in scriptSig of non-standard size type: Non-standard-size push operations in any script are prohibited since the November 2019 Bitcoin Cash network upgrade. Bitcoin Core still accepts them.

Zero-padded number pushes: Processing numbers encoded in non-standard form is prohibited since the November 2019 Bitcoin Cash network upgrade. Bitcoin Core still accepts this.

Inherent ECDSA signature malleability: High S values in ECDSA signatures are prohibited since the November 2017 Bitcoin Cash network upgrade. Bitcoin Core still accepts them.

Malleability of failing signature: Passing invalid signatures other than null to OP_CHECK(MULTI)SIG is prohibited since the November 2017 Bitcoin Cash network upgrade. Bitcoin Core still continues script execution.

Superfluous scriptSig operations: Script execution must result in a clean stack since the November 2018 Bitcoin Cash network upgrade. Bitcoin Core does not require this. The May 2019 Bitcoin Cash network upgrade adds an exemption only for specific SegWit-like signature scripts.

Inputs ignored by scripts: The second input of OP_CHECKMULTISIG(VERIFY) is no longer ignored since the November 2019 Bitcoin Cash network upgrade. Instead, on Bitcoin Core this input is required to be null since the activation of BIP 147 in August 2017.