Search CVE reports
981 – 990 of 2389 results
Some fixes available 7 of 8
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could...
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | Fixed | Fixed | Fixed |
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Not affected | Not in release | Not affected |
| mozjs38 | — | — | Not in release | Not in release | Not affected |
| mozjs52 | — | — | Not in release | Not affected | Not affected |
| mozjs68 | — | — | Not in release | Not affected | Not in release |
| mozjs78 | — | — | Not affected | Not in release | Not in release |
| thunderbird | — | — | Not affected | Not in release | Not affected |
Some fixes available 10 of 23
Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
Some fixes available 10 of 23
Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar)...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, thunderbird, mozjs78
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
Some fixes available 10 of 23
When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which...
6 affected packages
mozjs78, thunderbird, firefox, mozjs38, mozjs52, mozjs68
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
Some fixes available 10 of 23
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
Some fixes available 19 of 32
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 19 of 32
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12,...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.0.1.
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Not affected | Not in release | Not affected |
| mozjs38 | — | — | Not in release | Not in release | Not affected |
| mozjs52 | — | — | Not in release | Not affected | Not affected |
| mozjs68 | — | — | Not in release | Not affected | Not in release |
| mozjs78 | — | — | Not affected | Not in release | Not in release |
| thunderbird | — | — | Not affected | Not in release | Not affected |
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |