Search CVE reports
1231 – 1240 of 2343 results
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| thunderbird | — | — | — | — |
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| thunderbird | — | — | — | — |
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| thunderbird | — | — | — | — |
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| thunderbird | — | — | — | — |
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| thunderbird | — | — | — | — |
Some fixes available 16 of 19
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
4 affected packages
chromium-browser, firefox, oxide-qt, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed |
| firefox | — | — | — | Fixed |
| oxide-qt | — | — | — | Not in release |
| thunderbird | — | — | — | Fixed |
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | — | — | Fixed |
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | — | — | Fixed |
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects...
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | — | — | Fixed |
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | — | — | Fixed |