Search CVE reports

811 – 820 of 1057 results

Detailed view

Sort by:

CVE-2020-15254

Medium priority

Some fixes available 14 of 31

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements....

6 affected packages

mozjs52, mozjs68, firefox, mozjs38, mozjs60, rust-crossbeam

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
rust-crossbeam	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2020-15969

Medium priority

Some fixes available 23 of 29

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7 affected packages

mozjs52, chromium-browser, firefox, mozjs38, mozjs60...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
chromium-browser	Not affected	Not affected	Not in release	Fixed
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed

CVE-2020-15667

Low priority

Ignored

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released...

5 affected packages

mozjs52, mozjs68, firefox, mozjs38, mozjs60

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release

CVE-2020-15678

Medium priority

Some fixes available 13 of 19

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not...

6 affected packages

thunderbird, firefox, mozjs38, mozjs60, mozjs52, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Not affected	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15677

Medium priority

Some fixes available 13 of 19

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the...

6 affected packages

firefox, mozjs38, mozjs60, thunderbird, mozjs52, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Fixed	Fixed
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15676

Medium priority

Some fixes available 13 of 19

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability...

6 affected packages

firefox, mozjs38, thunderbird, mozjs52, mozjs60, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
thunderbird	Not affected	Not affected	Fixed	Fixed
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15675

Medium priority

Some fixes available 11 of 17

When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.

5 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15674

Medium priority

Some fixes available 11 of 17

Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....

5 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15673

Medium priority

Some fixes available 13 of 19

Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, thunderbird, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Fixed	Fixed
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2020-15664

Medium priority

Some fixes available 13 of 19

By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with...

7 affected packages

firefox, firefox-esr, mozjs38, mozjs60, thunderbird...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
firefox-esr	Not in release	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Fixed	Fixed
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release

Export to JSON

Results by page: