Search CVE reports

Toggle filters

1091 – 1100 of 2385 results

CVE-2020-12415

Medium priority

Some fixes available 14 of 23

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level...

6 affected packages

thunderbird, mozjs52, mozjs68, mozjs38, mozjs60, firefox

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Not affected Not affected Fixed Fixed
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs38 Not in release Not in release Not in release Ignored
mozjs60 Not in release Not in release Not in release Not in release
firefox Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-12398

Medium priority
Fixed

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This...

1 affected package

thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Fixed Fixed
Show less packages

CVE-2020-12410

Medium priority

Some fixes available 24 of 32

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

7 affected packages

mozjs52, mozjs68, firefox-esr, firefox, thunderbird...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
firefox-esr Not in release Not in release Not in release Not in release
firefox Fixed Fixed Fixed Fixed
thunderbird Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs60 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2020-12406

Medium priority

Some fixes available 24 of 32

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects...

6 affected packages

mozjs52, mozjs68, mozjs38, mozjs60, firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs38 Not in release Not in release Not in release Ignored
mozjs60 Not in release Not in release Not in release Not in release
firefox Fixed Fixed Fixed Fixed
thunderbird Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-12405

Medium priority

Some fixes available 24 of 32

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

6 affected packages

mozjs52, mozjs68, firefox, mozjs38, thunderbird, mozjs60

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
firefox Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
thunderbird Fixed Fixed Fixed Fixed
mozjs60 Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-6830

Medium priority
Not affected

For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not in release Not affected
mozjs38 Not in release Not affected
mozjs52 Not affected Not affected
mozjs60 Not in release Not in release
mozjs68 Not affected Not in release
thunderbird Not in release Not affected
Show less packages

CVE-2020-12393

Medium priority
Ignored

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it...

6 affected packages

mozjs52, mozjs68, firefox, mozjs38, mozjs60, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
firefox Not affected Not affected Not in release Not affected
mozjs38 Not in release Not in release Not in release Ignored
mozjs60 Not in release Not in release Not in release Not in release
thunderbird Not affected Not affected Not in release Not affected
Show less packages

CVE-2020-12399

Medium priority
Fixed

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

3 affected packages

thunderbird, firefox, nss

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Fixed Fixed
firefox Fixed Fixed
nss Fixed Fixed
Show less packages

CVE-2020-6463

Medium priority

Some fixes available 15 of 21

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7 affected packages

chromium-browser, firefox, thunderbird, mozjs38, mozjs60...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Not affected Not affected Not in release Fixed
firefox Fixed Fixed Fixed Fixed
thunderbird Not affected Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs60 Not in release Not in release Not in release Not in release
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
Show all 7 packages Show less packages

CVE-2020-12397

Low priority
Fixed

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.

1 affected package

thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Fixed Fixed
Show less packages
  1. Previous page
  2. 108
  3. 109
  4. 110
  5. 111
  6. 112
  7. Next page
Export to JSON