Search CVE reports
1011 – 1020 of 2337 results
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and...
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | — | Fixed | Fixed |
Some fixes available 23 of 29
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
7 affected packages
mozjs52, chromium-browser, firefox, mozjs38, mozjs60...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| chromium-browser | Not affected | Not affected | Not in release | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to...
2 affected packages
thunderbird, firefox-esr
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | — | Not affected | Fixed | Fixed |
| firefox-esr | — | Not in release | Not in release | Not in release |
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | Not in release | Not affected |
| thunderbird | — | — | Not in release | Not affected |
Some fixes available 13 of 19
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not...
6 affected packages
thunderbird, firefox, mozjs38, mozjs60, mozjs52, mozjs68
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | Not affected | Not affected | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
Some fixes available 13 of 19
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the...
6 affected packages
firefox, mozjs38, mozjs60, thunderbird, mozjs52, mozjs68
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Fixed | Fixed |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
Some fixes available 13 of 19
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability...
6 affected packages
firefox, mozjs38, thunderbird, mozjs52, mozjs60, mozjs68
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| thunderbird | Not affected | Not affected | Fixed | Fixed |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
Some fixes available 13 of 19
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird, mozjs68
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Fixed | Fixed |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
Some fixes available 13 of 19
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with...
7 affected packages
firefox, firefox-esr, mozjs38, mozjs60, thunderbird...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | Not in release | Not in release | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Fixed | Fixed |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
Some fixes available 13 of 19
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
6 affected packages
thunderbird, mozjs52, mozjs68, firefox, mozjs38, mozjs60
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | Not affected | Not affected | Fixed | Fixed |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |