Search CVE reports

211 – 220 of 349 results

Detailed view

Sort by:

CVE-2024-3854

Medium priority

Some fixes available 4 of 13

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Fixed	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-3853

Medium priority

Some fixes available 1 of 11

A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-3852

Medium priority

Some fixes available 4 of 13

GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

8 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Fixed	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-3302

Medium priority

Some fixes available 4 of 13

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Fixed	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-31393

Medium priority

Not affected

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Not affected
mozjs52	Not in release	Not in release	Not affected	Not affected
mozjs68	Not in release	Not in release	Not affected	—
mozjs78	Not in release	Not affected	Not in release	—
mozjs91	Not in release	Not affected	Not in release	—
mozjs102	Not affected	Not affected	Not in release	—

CVE-2024-31392

Medium priority

Not affected

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Not affected
mozjs52	Not in release	Not in release	Not affected	Not affected
mozjs68	Not in release	Not in release	Not affected	—
mozjs78	Not in release	Not affected	Not in release	—
mozjs91	Not in release	Not affected	Not in release	—
mozjs102	Not affected	Not affected	Not in release	—

CVE-2024-29944

Medium priority

Some fixes available 1 of 11

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-29943

Medium priority

Some fixes available 1 of 11

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-2616

Medium priority

Some fixes available 3 of 12

To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-2615

Medium priority

Some fixes available 1 of 11

Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

8 affected packages

mozjs91, firefox, thunderbird, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs91	Not in release	Ignored	Not in release	—
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

Export to JSON

Results by page: