Search CVE reports
341 – 350 of 893 results
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not in release | Not affected |
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not in release | Not affected |
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android....
7 affected packages
thunderbird, firefox, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| thunderbird | Not affected | Not affected | Not in release | Ignored |
| firefox | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check,...
7 affected packages
mozjs52, mozjs68, mozjs78, mozjs91, thunderbird...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not in release | Not affected |
| firefox | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are...
7 affected packages
mozjs52, mozjs68, firefox, mozjs38, thunderbird...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| firefox | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| thunderbird | Not affected | Not affected | Not in release | Not affected |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |
Some fixes available 8 of 16
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
8 affected packages
firefox, mozjs78, mozjs91, thunderbird, mozjs102...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Ignored |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Ignored |
| mozjs102 | Not affected | Fixed | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
Some fixes available 2 of 11
Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we...
7 affected packages
firefox, mozjs78, thunderbird, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |
Some fixes available 10 of 18
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10....
8 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed |
| mozjs102 | Not affected | Fixed | Not in release | Not in release |
Some fixes available 7 of 15
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed |
Some fixes available 7 of 15
An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
7 affected packages
firefox, thunderbird, mozjs78, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| thunderbird | Not affected | Fixed | Fixed | Fixed |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release |