Search CVE reports

Toggle filters

301 – 310 of 349 results

CVE-2023-5176

Medium priority

Some fixes available 4 of 16

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-5175

Medium priority

Some fixes available 1 of 14

During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.

8 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs52 Not in release Not in release Ignored Ignored
firefox Not affected Not affected Fixed Ignored
thunderbird Not affected Not affected Not in release Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-5173

Medium priority

Some fixes available 1 of 14

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Not affected Not affected Not in release Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-5172

Medium priority

Some fixes available 1 of 14

A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Not affected Not affected Not in release Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-5171

Medium priority

Some fixes available 4 of 16

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118,...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-5170

Medium priority

Some fixes available 1 of 14

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Not affected Not affected Not in release Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-5169

Medium priority

Some fixes available 4 of 16

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox <...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Ignored
thunderbird Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-5174

Medium priority
Ignored

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release Ignored
thunderbird Not affected Not affected Not in release Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-5168

Medium priority
Ignored

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release Ignored
thunderbird Not affected Not affected Not in release Ignored
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs102 Ignored Ignored Not in release Not in release
Show all 8 packages Show less packages

CVE-2023-4582

Negligible priority
Not affected

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not in release Ignored
thunderbird Not affected Not in release Ignored
mozjs38 Not in release Not in release Not affected
mozjs52 Not in release Not affected Not affected
mozjs68 Not in release Not affected Not in release
mozjs78 Not affected Not in release Not in release
mozjs91 Not affected Not in release Not in release
mozjs102 Not affected Not in release Not in release
Show all 8 packages Show less packages
  1. Previous page
  2. 29
  3. 30
  4. 31
  5. 32
  6. 33
  7. Next page
Export to JSON