Search CVE reports

Toggle filters

221 – 230 of 2820 results

CVE-2024-3854

Medium priority

Some fixes available 4 of 13

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
Show all 8 packages Show less packages

CVE-2024-3853

Medium priority

Some fixes available 1 of 11

A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
Show all 8 packages Show less packages

CVE-2024-3852

Medium priority

Some fixes available 4 of 13

GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

8 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs52 Not in release Not in release Ignored Ignored
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
Show all 8 packages Show less packages

CVE-2024-38313

Medium priority
Not affected

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127.

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2024-38312

Medium priority
Not affected

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127.

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2024-3302

Medium priority

Some fixes available 4 of 13

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
Show all 8 packages Show less packages

CVE-2024-31393

Medium priority
Not affected

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Not affected
mozjs52 Not in release Not in release Not affected Not affected
mozjs68 Not in release Not in release Not affected
mozjs78 Not in release Not affected Not in release
mozjs91 Not in release Not affected Not in release
mozjs102 Not affected Not affected Not in release
Show all 8 packages Show less packages

CVE-2024-31392

Medium priority
Not affected

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Not affected
mozjs52 Not in release Not in release Not affected Not affected
mozjs68 Not in release Not in release Not affected
mozjs78 Not in release Not affected Not in release
mozjs91 Not in release Not affected Not in release
mozjs102 Not affected Not affected Not in release
Show all 8 packages Show less packages

CVE-2024-29944

Medium priority

Some fixes available 1 of 11

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
Show all 8 packages Show less packages

CVE-2024-29943

Medium priority

Some fixes available 1 of 11

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
Show all 8 packages Show less packages
  1. Previous page
  2. 21
  3. 22
  4. 23
  5. 24
  6. 25
  7. Next page
Export to JSON