Search CVE reports

621 – 630 of 971 results

Detailed view

Sort by:

CVE-2021-29973

Negligible priority

Ignored

Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill...

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Not in release	Not affected

CVE-2021-29971

Negligible priority

Ignored

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other...

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Not in release	Not affected

CVE-2020-15660

Medium priority

Not affected

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not in release	Not affected
mozjs38	—	Not in release	Not in release	Not affected
mozjs52	—	Not in release	Not affected	Not affected
mozjs68	—	Not in release	Not affected	Not in release
mozjs78	—	Not affected	Not in release	Not in release
thunderbird	—	Not affected	Not in release	Not affected

CVE-2021-29977

Medium priority

Some fixes available 10 of 23

Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Not in release	Not affected

CVE-2021-29975

Medium priority

Some fixes available 10 of 23

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar)...

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, thunderbird, mozjs78

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
thunderbird	Not affected	Not affected	Not in release	Not affected
mozjs78	Not in release	Ignored	Not in release	Not in release

CVE-2021-29974

Medium priority

Some fixes available 10 of 23

When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which...

6 affected packages

mozjs78, thunderbird, firefox, mozjs38, mozjs52, mozjs68

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Not in release	Not affected
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release

CVE-2021-29972

Medium priority

Some fixes available 10 of 23

A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability...

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Not in release	Not affected

CVE-2021-29976

Medium priority

Some fixes available 19 of 32

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed

CVE-2021-29970

Medium priority

Some fixes available 19 of 32

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12,...

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed

CVE-2021-29968

Medium priority

Not affected

When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.0.1.

6 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not in release	Not affected
mozjs38	—	Not in release	Not in release	Not affected
mozjs52	—	Not in release	Not affected	Not affected
mozjs68	—	Not in release	Not affected	Not in release
mozjs78	—	Not affected	Not in release	Not in release
thunderbird	—	Not affected	Not in release	Not affected

Export to JSON

Results by page: