Search CVE reports
71 – 80 of 243 results
CVE-2024-5695
Medium prioritySome fixes available 1 of 11
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred....
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-5694
Medium prioritySome fixes available 1 of 11
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-5693
Medium prioritySome fixes available 4 of 13
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12,...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-5691
Medium prioritySome fixes available 4 of 13
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127,...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-5690
Medium prioritySome fixes available 4 of 13
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-5689
Medium prioritySome fixes available 1 of 11
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-5688
Medium prioritySome fixes available 4 of 13
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-4778
Medium prioritySome fixes available 1 of 11
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-4777
Medium prioritySome fixes available 4 of 13
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-4776
Medium prioritySome fixes available 1 of 11
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |