Search CVE reports

Toggle filters

351 – 360 of 2432 results

CVE-2025-5267

Medium priority

Some fixes available 1 of 12

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-5266

Medium priority

Some fixes available 1 of 12

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-5265

Medium priority

Some fixes available 1 of 12

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only...

9 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs52 Not in release Not in release Not in release Ignored Ignored
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-5264

Medium priority

Some fixes available 1 of 12

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-5263

Medium priority

Some fixes available 1 of 12

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-5262

Medium priority
Ignored

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Not affected
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-5020

Medium priority
Not affected

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability...

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2025-4919

Medium priority

Some fixes available 1 of 12

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-4918

Medium priority

Some fixes available 1 of 12

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-3932

Medium priority

Some fixes available 1 of 2

It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent...

1 affected package

thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Not affected Fixed Not in release
Show less packages
  1. Previous page
  2. 34
  3. 35
  4. 36
  5. 37
  6. 38
  7. Next page
Export to JSON