Search CVE reports

Toggle filters

121 – 130 of 2820 results

CVE-2024-9398

Medium priority

Some fixes available 1 of 12

By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox <...

9 affected packages

mozjs68, firefox, thunderbird, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs68 Not in release Not in release Ignored
firefox Not affected Not affected Fixed
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-9397

Medium priority

Some fixes available 1 of 12

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-9396

Medium priority

Some fixes available 1 of 12

It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR <...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-9395

Medium priority
Not affected

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2024-9394

Medium priority

Some fixes available 3 of 14

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site"...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-9393

Medium priority

Some fixes available 3 of 14

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site"...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-9392

Medium priority

Some fixes available 3 of 14

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-9391

Medium priority
Not affected

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2024-8900

Medium priority
Fixed

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2024-8389

Medium priority

Some fixes available 1 of 11

Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

9 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs52 Not in release Not in release Ignored Ignored
firefox Not affected Not affected Fixed
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages
  1. Previous page
  2. 11
  3. 12
  4. 13
  5. 14
  6. 15
  7. Next page
Export to JSON