Search CVE reports
491 – 500 of 1005 results
Some fixes available 2 of 11
When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111.
7 affected packages
firefox, mozjs68, mozjs78, mozjs91, thunderbird...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
Some fixes available 6 of 14
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox <...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed |
Some fixes available 9 of 17
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox...
8 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed |
| mozjs102 | Not affected | Fixed | Not in release | Not in release |
Some fixes available 2 of 11
Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.
7 affected packages
firefox, thunderbird, mozjs78, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | Not affected | Not in release | Ignored |
| mozjs38 | — | Not in release | Not in release | Not affected |
| mozjs52 | — | Not in release | Not affected | Not affected |
| mozjs68 | — | Not in release | Not affected | Not in release |
| mozjs78 | — | Not affected | Not in release | Not in release |
| mozjs91 | — | Not affected | Not in release | Not in release |
| thunderbird | — | Not affected | Not in release | Ignored |
Some fixes available 2 of 11
Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...
7 affected packages
mozjs78, firefox, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
Some fixes available 2 of 11
Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
7 affected packages
firefox, mozjs68, mozjs78, mozjs91, thunderbird...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
Some fixes available 6 of 14
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed |
Some fixes available 2 of 11
When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
Some fixes available 9 of 17
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs102 | Not affected | Fixed | Not in release | Not in release |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed |