Search CVE reports
1171 – 1180 of 2385 results
Some fixes available 42 of 53
When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This...
6 affected packages
firefox, mozjs52, mozjs38, mozjs60, nss, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| nss | — | Fixed | Fixed | Fixed | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
A vulnerability exists where the caret ("^") character is improperly escaped when constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR <...
5 affected packages
mozjs52, firefox, mozjs38, mozjs60, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8,...
5 affected packages
mozjs60, firefox, mozjs38, mozjs52, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
5 affected packages
mozjs38, mozjs52, firefox, mozjs60, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...
5 affected packages
mozjs52, firefox, mozjs38, mozjs60, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 2 of 7
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
5 affected packages
chromium-browser, firefox, libpng, libpng1.6, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
| firefox | Not affected | Not affected | Not affected | Not in release | Not affected |
| libpng | Not in release | Not in release | Not in release | Not in release | Not in release |
| libpng1.6 | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Not affected |
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title...
6 affected packages
firefox-esr, mozjs38, firefox, mozjs52, mozjs60, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox-esr | — | — | — | — | Not in release |
| mozjs38 | — | — | — | — | Not affected |
| firefox | — | — | — | — | Not affected |
| mozjs52 | — | — | — | — | Not affected |
| mozjs60 | — | — | — | — | Not in release |
| thunderbird | — | — | — | — | Not affected |
Some fixes available 27 of 118
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...
32 affected packages
apache2, ghostscript, libparagui1.1, poco, sitecopy...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| poco | Not affected | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Needs evaluation | Not in release | Not affected | Not affected | Not affected |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| firefox | Not affected | Not affected | Not affected | Not in release | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
| simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |