Search CVE reports
741 – 750 of 951 results
Some fixes available 12 of 20
Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....
5 affected packages
mozjs52, mozjs68, firefox, mozjs38, mozjs60
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 12 of 20
When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77.
5 affected packages
mozjs52, mozjs68, mozjs60, firefox, mozjs38
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
Some fixes available 12 of 20
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77.
5 affected packages
mozjs52, mozjs68, firefox, mozjs38, mozjs60
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 12 of 20
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from...
5 affected packages
mozjs52, mozjs68, firefox, mozjs38, mozjs60
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 24 of 32
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects...
6 affected packages
mozjs52, mozjs68, mozjs38, mozjs60, firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| firefox | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 24 of 32
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
6 affected packages
mozjs52, mozjs68, firefox, mozjs38, thunderbird, mozjs60
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | Not in release | Not affected |
| mozjs38 | — | — | Not in release | Not affected |
| mozjs52 | — | — | Not affected | Not affected |
| mozjs60 | — | — | Not in release | Not in release |
| mozjs68 | — | — | Not affected | Not in release |
| thunderbird | — | — | Not in release | Not affected |
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR <...
5 affected packages
mozjs38, mozjs52, mozjs60, mozjs68, firefox
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| firefox | Not affected | Not affected | Not in release | Not affected |
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR <...
5 affected packages
mozjs52, mozjs68, firefox, mozjs38, mozjs60
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| firefox | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it...
6 affected packages
mozjs52, mozjs68, firefox, mozjs38, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| firefox | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not in release | Not affected |