Search CVE reports
261 – 270 of 348 results
CVE-2023-25741
Medium prioritySome fixes available 2 of 11
When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2023-25739
Medium prioritySome fixes available 9 of 17
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs102 | Not affected | Fixed | Not in release | Not in release | Not in release |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-25737
Medium prioritySome fixes available 6 of 14
An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-25736
Medium prioritySome fixes available 2 of 11
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2023-25735
Medium prioritySome fixes available 9 of 17
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs102 | Not affected | Fixed | Not in release | Not in release | Not in release |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-25733
Medium prioritySome fixes available 2 of 11
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2023-25732
Medium prioritySome fixes available 6 of 14
When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox <...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-25731
Medium prioritySome fixes available 2 of 11
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2023-25730
Medium prioritySome fixes available 6 of 14
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-25729
Medium prioritySome fixes available 6 of 14
Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |