Search CVE reports
1141 – 1150 of 2343 results
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | — | — | Fixed |
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird...
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | — | — | Fixed |
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects...
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | — | — | Fixed |
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | — | — | Fixed |
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
6 affected packages
firefox-esr, mozjs38, mozjs52, firefox, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox-esr | — | — | — | Not in release |
| mozjs38 | — | — | — | Not affected |
| mozjs52 | — | — | — | Not affected |
| firefox | — | — | — | Not affected |
| mozjs60 | — | — | — | Not in release |
| thunderbird | — | — | — | Not affected |
In libwebp 0.5.1, there is a double free bug in libwebpmux.
9 affected packages
godot, libwebp, mozjs60, qtimageformats-opensource-src, qtwebengine-opensource-src...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| godot | Not affected | Not affected | Not affected | Not in release |
| libwebp | Not affected | Not affected | Not affected | Not affected |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| qtimageformats-opensource-src | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Not affected | Not affected | Not affected | Not affected |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| firefox | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| thunderbird | Not affected | Not affected | Not in release | Not affected |
Some fixes available 28 of 38
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
5 affected packages
mozjs52, mozjs60, firefox, mozjs38, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
5 affected packages
mozjs52, mozjs38, firefox, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird <...
5 affected packages
mozjs52, firefox, mozjs38, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |