Search CVE reports

Toggle filters

1021 – 1030 of 3038 results

CVE-2020-26976

Medium priority

Some fixes available 21 of 33

When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due...

7 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed
Show all 7 packages Show less packages

CVE-2020-26974

Medium priority

Some fixes available 21 of 33

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This...

7 affected packages

firefox, mozjs52, mozjs60, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Fixed
mozjs52 Not in release Not in release Ignored Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
Show all 7 packages Show less packages

CVE-2020-26973

Medium priority

Some fixes available 21 of 33

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

7 affected packages

firefox, mozjs52, thunderbird, mozjs78, mozjs38...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Fixed
mozjs52 Not in release Not in release Ignored Ignored
thunderbird Fixed Fixed Fixed Fixed
mozjs78 Not in release Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
Show all 7 packages Show less packages

CVE-2020-26972

Medium priority

Some fixes available 11 of 23

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting...

6 affected packages

firefox, mozjs78, mozjs38, mozjs52, mozjs60, mozjs68

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Fixed
mozjs78 Not in release Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
Show less packages

CVE-2020-26971

Medium priority

Some fixes available 21 of 33

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

7 affected packages

firefox, mozjs38, mozjs52, mozjs60, thunderbird...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs60 Not in release Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed
mozjs78 Not in release Ignored Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
Show all 7 packages Show less packages

CVE-2020-16042

Medium priority
Fixed

Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

3 affected packages

chromium-browser, firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Not affected Not in release Fixed
firefox Fixed Fixed Fixed
thunderbird Fixed Fixed Fixed
Show less packages

CVE-2020-26966

Low priority
Ignored

Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows...

6 affected packages

firefox, mozjs38, mozjs60, mozjs68, mozjs52, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release Not affected
mozjs38 Not in release Not in release Not in release Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored
thunderbird Not affected Not affected Not in release Not affected
Show less packages

CVE-2020-26964

Low priority
Ignored

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and...

5 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release Not affected
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
Show less packages

CVE-2020-26957

Medium priority
Ignored

OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other...

5 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release Not affected
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
Show less packages

CVE-2020-26955

Medium priority
Ignored

When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in...

5 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release Not affected
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release
Show less packages
  1. Previous page
  2. 101
  3. 102
  4. 103
  5. 104
  6. 105
  7. Next page
Export to JSON