Search CVE reports

551 – 560 of 971 results

Detailed view

Sort by:

CVE-2022-28289

Medium priority

Some fixes available 11 of 20

Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of...

7 affected packages

firefox, mozjs78, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Fixed	Fixed

CVE-2022-28285

Medium priority

Some fixes available 12 of 20

When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This...

7 affected packages

firefox, mozjs78, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs91	Not in release	Fixed	Not in release	Not in release
thunderbird	Not affected	Not affected	Fixed	Fixed

CVE-2022-24791

Medium priority

Some fixes available 5 of 21

Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, thunderbird...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Not in release	Ignored
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
thunderbird	Ignored	Ignored	Not in release	Ignored
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release

CVE-2022-26387

Medium priority

Some fixes available 16 of 24

When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This...

7 affected packages

mozjs78, firefox, firefox-esr, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs78	Not in release	Ignored	Not in release	Not in release
firefox	Fixed	Fixed	Fixed	Fixed
firefox-esr	—	—	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed

CVE-2022-26384

Medium priority

Some fixes available 16 of 24

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation...

7 affected packages

mozjs78, firefox, firefox-esr, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs78	Not in release	Ignored	Not in release	Not in release
firefox	Fixed	Fixed	Fixed	Fixed
firefox-esr	—	—	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed

CVE-2022-26383

Medium priority

Some fixes available 16 of 24

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

7 affected packages

firefox, mozjs38, mozjs52, thunderbird, firefox-esr...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
thunderbird	Fixed	Fixed	Fixed	Fixed
firefox-esr	—	—	—	—
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release

CVE-2022-26381

Medium priority

Some fixes available 16 of 24

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, thunderbird...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed
firefox-esr	—	—	—	—
mozjs78	Not in release	Ignored	Not in release	Not in release

CVE-2022-0843

Medium priority

Some fixes available 8 of 16

Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

5 affected packages

mozjs78, firefox, mozjs38, mozjs52, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs78	Not in release	Ignored	Not in release	Not in release
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2022-23639

Medium priority

Some fixes available 10 of 41

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was...

11 affected packages

rust-crossbeam-utils, rust-crossbeam-utils-0.7, firefox, mozjs38, librsvg...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rust-crossbeam-utils	Not affected	Vulnerable	Vulnerable	Not in release
rust-crossbeam-utils-0.7	Not in release	Vulnerable	Not in release	Not in release
firefox	Fixed	Fixed	Not in release	Ignored
mozjs38	Not in release	Not in release	Not in release	Ignored
librsvg	Not affected	Not affected	Not affected	Not affected
mozjs78	Not in release	Ignored	Not in release	Not in release
rustc	Not affected	Fixed	Fixed	Not affected
thunderbird	Ignored	Ignored	Not in release	Ignored
cargo	Not in release	Not affected	Not affected	Not affected
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2022-22764

Medium priority

Some fixes available 16 of 24

Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough...

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed

Export to JSON

Results by page: