Search CVE reports
1061 – 1070 of 2389 results
Some fixes available 21 of 27
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...
6 affected packages
mozjs52, mozjs68, firefox, mozjs38, mozjs60, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 16 of 17
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 affected packages
chromium-browser, godot, graphicsmagick, musescore, openjdk-13...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | Not affected | Not affected | Not in release | Fixed |
| godot | — | Not affected | Not affected | Not affected | Not in release |
| graphicsmagick | — | Not affected | Not affected | Not affected | Not affected |
| musescore | — | Not in release | Not in release | Not affected | Not affected |
| openjdk-13 | — | Not in release | Not in release | Not affected | Not in release |
| texmaker | — | Not affected | Not affected | Not affected | Not affected |
| android | — | Not in release | Not in release | Not in release | Not in release |
| firefox | — | Not affected | Not affected | Not in release | Not affected |
| freetype | — | Fixed | Fixed | Fixed | Fixed |
| openjdk-lts | — | Not affected | Not affected | Not affected | Not affected |
| openjdk-15 | — | Not in release | Not in release | Not in release | Not in release |
| oxide-qt | — | Not in release | Not in release | Not in release | Not in release |
| paraview | — | Not affected | Not affected | Not affected | Not affected |
| qtbase-opensource-src | — | Not affected | Not affected | Not affected | Not affected |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
| openjdk-12 | — | Not in release | Not in release | Not in release | Not in release |
| qtbase-opensource-src-gles | — | Not affected | Not affected | Not affected | Not in release |
| texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and...
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | — | Fixed | Fixed |
Some fixes available 23 of 29
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
7 affected packages
mozjs52, chromium-browser, firefox, mozjs38, mozjs60...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| chromium-browser | — | Not affected | Not affected | Not in release | Fixed |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to...
2 affected packages
thunderbird, firefox-esr
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | Not affected | Fixed | Fixed |
| firefox-esr | — | — | Not in release | Not in release | Not in release |
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that...
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | Not in release | Not affected |
| thunderbird | — | — | — | Not in release | Not affected |
Some fixes available 13 of 19
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not...
6 affected packages
thunderbird, firefox, mozjs38, mozjs60, mozjs52, mozjs68
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | Not affected | Not affected | Fixed | Fixed |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
Some fixes available 13 of 19
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the...
6 affected packages
firefox, mozjs38, mozjs60, thunderbird, mozjs52, mozjs68
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Not affected | Not affected | Fixed | Fixed |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
Some fixes available 13 of 19
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability...
6 affected packages
firefox, mozjs38, thunderbird, mozjs52, mozjs60, mozjs68
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| thunderbird | — | Not affected | Not affected | Fixed | Fixed |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
Some fixes available 13 of 19
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird, mozjs68
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Not affected | Not affected | Fixed | Fixed |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |