Search CVE reports
781 – 790 of 2342 results
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed |
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed |
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed |
Some fixes available 5 of 13
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3,...
7 affected packages
firefox, mozjs78, mozjs91, thunderbird, mozjs38...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Ignored | Not in release |
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed |
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed |
Some fixes available 14 of 127
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
24 affected packages
firefox, cadaver, coin3, gdcm, libxmltok...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| coin3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| thunderbird | Ignored | Ignored | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed |
| vnc4 | — | Not in release | Not in release | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| ayttm | — | Not in release | Not in release | Not in release |
| cableswig | — | Not in release | Not in release | Not in release |
| smart | — | Not in release | Not in release | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | — | Not in release | Not in release | Not in release |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| vtk | — | Not in release | Not in release | Not in release |
Some fixes available 3 of 11
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning...
2 affected packages
thunderbird, node-matrix-js-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | Not affected | Fixed | Fixed | Fixed |
| node-matrix-js-sdk | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
Some fixes available 3 of 4
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects...
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | Fixed | Fixed | Fixed |
Some fixes available 3 of 4
If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then...
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | Fixed | Fixed | Fixed |