Search CVE reports

421 – 430 of 2843 results

Detailed view

Sort by:

CVE-2023-37202

Medium priority

Some fixes available 8 of 17

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR <...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored
thunderbird	Not affected	Fixed	Fixed	Ignored
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
mozjs102	Not affected	Fixed	Not in release	Not in release

CVE-2023-37201

Medium priority

Some fixes available 5 of 6

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Fixed	Ignored
thunderbird	—	Fixed	Fixed	Ignored

CVE-2023-29546

Medium priority

Ignored

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating...

7 affected packages

thunderbird, firefox, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Not affected	Not in release	Ignored
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release

CVE-2023-29545

Medium priority

Ignored

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Not in release	Not affected

CVE-2023-29542

Medium priority

Ignored

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Not in release	Not affected

CVE-2023-29534

Medium priority

Ignored

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android....

7 affected packages

thunderbird, firefox, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Not affected	Not in release	Ignored
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release

CVE-2019-25136

Medium priority

Not affected

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.

2 affected packages

thunderbird, firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	—	Not affected	Not in release	Ignored
firefox	—	Not affected	Not in release	Ignored

CVE-2023-32214

Medium priority

Not affected

Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113,...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not in release	Ignored
thunderbird	—	Not affected	Not in release	Ignored

CVE-2023-29532

Negligible priority

Ignored

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check,...

7 affected packages

mozjs52, mozjs68, mozjs78, mozjs91, thunderbird...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Not in release	Not affected
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored

CVE-2023-29531

Negligible priority

Ignored

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are...

7 affected packages

mozjs52, mozjs68, firefox, mozjs38, thunderbird...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
thunderbird	Not affected	Not affected	Not in release	Not affected
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release

Export to JSON

Results by page: