Search CVE reports
831 – 840 of 2389 results
Some fixes available 5 of 13
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3,...
7 affected packages
firefox, mozjs78, mozjs91, thunderbird, mozjs38...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Fixed | Fixed |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | — | Ignored | Not in release | Not in release |
| thunderbird | — | Not affected | Fixed | Fixed | Fixed |
| mozjs38 | — | — | Not in release | Not in release | Ignored |
| mozjs52 | — | — | Not in release | Ignored | Ignored |
| mozjs68 | — | — | Not in release | Ignored | Not in release |
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Not affected | Fixed | Fixed |
| thunderbird | — | — | Fixed | Fixed | Fixed |
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Not affected | Fixed | Fixed |
| thunderbird | — | — | Fixed | Fixed | Fixed |
Some fixes available 15 of 96
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
24 affected packages
firefox, cadaver, coin3, gdcm, libxmltok...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Fixed | Fixed |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| coin3 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| vnc4 | — | — | Not in release | Not in release | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | — | — | Not in release | Not in release | Not in release |
| cableswig | — | — | Not in release | Not in release | Not in release |
| smart | — | — | Not in release | Not in release | Ignored |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | — | — | Not in release | Not in release | Not in release |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vtk | — | — | Not in release | Not in release | Not in release |
Some fixes available 3 of 10
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning...
2 affected packages
thunderbird, node-matrix-js-sdk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | Not affected | Not affected | Fixed | Fixed | Fixed |
| node-matrix-js-sdk | Not in release | Needs evaluation | Needs evaluation | Ignored | Not in release |
Some fixes available 3 of 4
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects...
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | Fixed | Fixed | Fixed |
Some fixes available 3 of 4
If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then...
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | Fixed | Fixed | Fixed |
Some fixes available 3 of 4
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or...
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | Fixed | Fixed | Fixed |
Some fixes available 3 of 4
A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability...
2 affected packages
firefox-esr, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox-esr | — | — | Not in release | Not in release | Not in release |
| thunderbird | — | — | Fixed | Fixed | Fixed |
A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a...
5 affected packages
thunderbird, chromium-browser, firefox, libpng, libpng1.6
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | Not affected | Not in release | Not affected |
| chromium-browser | — | — | Not affected | Not in release | Not affected |
| firefox | — | — | Not affected | Not in release | Not affected |
| libpng | — | — | Not in release | Not in release | Not in release |
| libpng1.6 | — | — | Not affected | Not affected | Not affected |