Search CVE reports
861 – 870 of 2342 results
Some fixes available 16 of 24
When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information...
6 affected packages
firefox, mozjs38, mozjs78, mozjs52, mozjs68, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 16 of 24
If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the...
6 affected packages
thunderbird, mozjs78, firefox, mozjs38, mozjs52, mozjs68
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | Fixed | Fixed | Fixed | Fixed |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
Some fixes available 16 of 24
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 16 of 24
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 21 of 95
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
24 affected packages
apache2, apr-util, insighttoolkit, swish-e, tdom...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| swish-e | Needs evaluation | Needs evaluation | Not affected | Not affected |
| tdom | Needs evaluation | Needs evaluation | Vulnerable | Vulnerable |
| vtk | Not in release | Not in release | Not in release | Not in release |
| matanza | Ignored | Ignored | Ignored | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed |
| wbxml2 | Needs evaluation | Needs evaluation | Vulnerable | Vulnerable |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Vulnerable |
| firefox | Fixed | Fixed | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| libxmltok | Not affected | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Ignored | Ignored | Not in release | Ignored |
| vnc4 | Not in release | Not in release | Not in release | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Not affected | Not affected |
Some fixes available 21 of 100
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
24 affected packages
apache2, expat, apr-util, cableswig, cadaver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Vulnerable |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cmake | Not affected | Not affected | Not affected | Not affected |
| firefox | Fixed | Fixed | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| libxmltok | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Not affected | Not affected |
| tdom | Needs evaluation | Needs evaluation | Vulnerable | Vulnerable |
| thunderbird | Ignored | Ignored | Not in release | Ignored |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Vulnerable |
| vtk | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Needs evaluation | Needs evaluation | Vulnerable | Vulnerable |
| xmlrpc-c | Needs evaluation | Needs evaluation | Not affected | Not affected |
Some fixes available 6 of 7
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of...
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | Fixed | Fixed | Fixed |
Some fixes available 17 of 27
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 17 of 27
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
6 affected packages
thunderbird, firefox, mozjs38, mozjs52, mozjs68, mozjs78
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | Fixed | Fixed | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
Some fixes available 22 of 33
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5,...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| nss | Not affected | Not affected | Fixed | Fixed |
| thunderbird | Fixed | Fixed | Fixed | Fixed |