Search CVE reports
281 – 290 of 1111 results
Some fixes available 1 of 12
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |
Some fixes available 1 of 12
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |
Some fixes available 1 of 12
Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |
Some fixes available 1 of 12
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and...
9 affected packages
mozjs52, firefox, thunderbird, mozjs38, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |
Some fixes available 1 of 12
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
9 affected packages
mozjs52, mozjs78, firefox, thunderbird, mozjs38...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |
Some fixes available 2 of 13
Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
9 affected packages
mozjs52, firefox, thunderbird, mozjs38, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| firefox | Not affected | Not affected | Not affected | Fixed | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |
Some fixes available 2 of 13
When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.
9 affected packages
firefox, thunderbird, mozjs52, mozjs38, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Fixed | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |
Some fixes available 2 of 13
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Fixed | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |
Some fixes available 2 of 13
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...
9 affected packages
mozjs68, mozjs38, firefox, thunderbird, mozjs52...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | Fixed | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |
Some fixes available 2 of 13
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of...
9 affected packages
mozjs52, firefox, thunderbird, mozjs38, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| firefox | Not affected | Not affected | Not affected | Fixed | — |
| thunderbird | Not affected | Not affected | Fixed | Not in release | — |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs91 | Not in release | Not in release | Ignored | Not in release | — |
| mozjs102 | Not in release | Ignored | Ignored | Not in release | — |
| mozjs115 | Not in release | Ignored | Not in release | Not in release | — |