Search CVE reports
1141 – 1150 of 3038 results
Some fixes available 24 of 30
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This...
5 affected packages
mozjs52, firefox, mozjs38, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 24 of 30
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74,...
5 affected packages
mozjs52, firefox, mozjs38, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 12 of 18
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74.
4 affected packages
mozjs52, firefox, mozjs38, mozjs60
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
2 affected packages
chromium-browser, firefox
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed |
| firefox | — | — | — | Fixed |
Some fixes available 32 of 45
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
4 affected packages
chromium-browser, firefox, libusrsctp, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not in release | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed |
| libusrsctp | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | Not affected |
| thunderbird | — | — | — | Not affected |
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | Not affected |
| thunderbird | — | — | — | Not affected |
Not in release
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding
1 affected package
firefox-esr
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox-esr | — | — | — | Not in release |
Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | Fixed |
| thunderbird | — | — | — | Not affected |
Some fixes available 24 of 30
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...
6 affected packages
mozjs52, firefox, firefox-esr, mozjs38, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| firefox | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | Not in release | Not in release | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |