Search CVE reports

Toggle filters

671 – 680 of 2389 results

CVE-2023-4047

Medium priority

Some fixes available 6 of 17

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Fixed Fixed Fixed Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-4046

Medium priority

Some fixes available 8 of 15

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Fixed Fixed Fixed Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Not affected Fixed Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-4045

Medium priority

Some fixes available 6 of 17

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14,...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Fixed Fixed Fixed Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-3417

Medium priority
Fixed

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will...

1 affected package

thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Fixed Fixed Fixed Ignored
Show less packages

CVE-2023-3600

Medium priority

Some fixes available 6 of 8

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Fixed Fixed Fixed Ignored
Show less packages

CVE-2023-37212

Medium priority

Some fixes available 1 of 3

Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Fixed Ignored
thunderbird Not affected Not in release Ignored
Show less packages

CVE-2023-37210

Medium priority

Some fixes available 1 of 3

A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Fixed Ignored
thunderbird Not affected Not in release Ignored
Show less packages

CVE-2023-37209

Medium priority

Some fixes available 1 of 3

A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference...

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Fixed Ignored
thunderbird Not affected Not in release Ignored
Show less packages

CVE-2023-37206

Medium priority

Some fixes available 1 of 3

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Fixed Ignored
thunderbird Not affected Not in release Ignored
Show less packages

CVE-2023-37205

Medium priority

Some fixes available 1 of 3

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Fixed Ignored
thunderbird Not affected Not in release Ignored
Show less packages
  1. Previous page
  2. 66
  3. 67
  4. 68
  5. 69
  6. 70
  7. Next page
Export to JSON