Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

271 – 280 of 348 results

CVE-2023-25728

Medium priority

Some fixes available 6 of 14

The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox <...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Not affected Fixed Fixed Fixed Ignored
Show all 7 packages Show less packages

CVE-2023-0767

Medium priority

Some fixes available 15 of 23

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and...

8 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
nss Fixed Fixed Fixed Fixed Fixed
thunderbird Not affected Fixed Fixed Fixed Ignored
Show all 8 packages Show less packages

CVE-2023-23606

Medium priority

Some fixes available 2 of 11

Memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Not affected Not affected Not affected Ignored Ignored
Show all 7 packages Show less packages

CVE-2023-23605

Medium priority

Some fixes available 9 of 17

Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show all 7 packages Show less packages

CVE-2023-23604

Medium priority

Some fixes available 2 of 11

A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Not affected Not affected Not affected Ignored Ignored
Show all 7 packages Show less packages

CVE-2023-23603

Medium priority

Some fixes available 9 of 17

Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser....

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show all 7 packages Show less packages

CVE-2023-23602

Medium priority

Some fixes available 9 of 17

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers....

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show all 7 packages Show less packages

CVE-2023-23601

Medium priority

Some fixes available 9 of 17

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show all 7 packages Show less packages

CVE-2023-23599

Medium priority

Some fixes available 9 of 17

When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109,...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show all 7 packages Show less packages

CVE-2023-23598

Medium priority

Some fixes available 9 of 17

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show all 7 packages Show less packages
  1. Previous page
  2. 26
  3. 27
  4. 28
  5. 29
  6. 30
  7. Next page
Export to JSON