Search CVE reports
11 – 20 of 21510 results
CVE-2024-11705
Medium priority`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2024-11704
Medium priorityA double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption....
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2024-11703
Medium priorityOn Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2024-11702
Medium priorityCopying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2024-11701
Medium priorityThe incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2024-11700
Medium priorityMalicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities....
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2024-11699
Medium priorityMemory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2024-11698
Medium priorityA flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2024-11697
Medium priorityWhen handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox <...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2024-11696
Medium priorityThe application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |