Search CVE reports

Toggle filters

221 – 230 of 263 results

CVE-2023-5169

Medium priority

Some fixes available 4 of 16

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox <...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Ignored Ignored
mozjs102 Ignored Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release Not in release
thunderbird Not affected Fixed Fixed Ignored Ignored
Show all 8 packages Show less packages

CVE-2023-5174

Medium priority
Ignored

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected Ignored Ignored
mozjs102 Ignored Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release Not in release
thunderbird Not affected Not affected Not affected Ignored Ignored
Show all 8 packages Show less packages

CVE-2023-5168

Medium priority
Ignored

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected Ignored Ignored
mozjs102 Ignored Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release Not in release
thunderbird Not affected Not affected Not affected Ignored Ignored
Show all 8 packages Show less packages

CVE-2023-4582

Negligible priority
Not affected

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Ignored Ignored
mozjs102 Not affected Not in release Not in release Not in release
mozjs38 Not in release Not in release Not affected Not in release
mozjs52 Not in release Not affected Not affected Not in release
mozjs68 Not in release Not affected Not in release Not in release
mozjs78 Not affected Not in release Not in release Not in release
mozjs91 Not affected Not in release Not in release Not in release
thunderbird Not affected Not affected Ignored Ignored
Show all 8 packages Show less packages

CVE-2023-4576

Negligible priority
Ignored

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Ignored Ignored Ignored Ignored
mozjs102 Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Ignored Ignored Ignored Ignored
Show all 8 packages Show less packages

CVE-2023-4585

Medium priority

Some fixes available 6 of 18

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Ignored Ignored
mozjs102 Ignored Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Ignored Ignored
Show all 8 packages Show less packages

CVE-2023-4584

Medium priority

Some fixes available 6 of 18

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Ignored Ignored
mozjs102 Ignored Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Ignored Ignored
Show all 8 packages Show less packages

CVE-2023-4583

Medium priority

Some fixes available 6 of 18

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Ignored Ignored
mozjs102 Ignored Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Ignored Ignored
Show all 8 packages Show less packages

CVE-2023-4581

Medium priority

Some fixes available 6 of 18

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR <...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Ignored Ignored
mozjs102 Ignored Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Ignored Ignored
Show all 8 packages Show less packages

CVE-2023-4580

Medium priority

Some fixes available 6 of 18

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Ignored Ignored
mozjs102 Ignored Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Ignored Ignored
Show all 8 packages Show less packages
  1. Previous page
  2. 21
  3. 22
  4. 23
  5. 24
  6. 25
  7. Next page
Export to JSON