Search CVE reports
281 – 290 of 1943 results
CVE-2023-29541
Medium prioritySome fixes available 6 of 14
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-29540
Medium prioritySome fixes available 2 of 11
Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2023-29539
Medium prioritySome fixes available 6 of 14
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-29538
Medium prioritySome fixes available 2 of 11
Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2023-29537
Medium prioritySome fixes available 2 of 11
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2023-29536
Medium prioritySome fixes available 9 of 17
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs102 | Not affected | Fixed | Not in release | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-29535
Medium prioritySome fixes available 9 of 17
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs102 | Not affected | Fixed | Not in release | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-29533
Medium prioritySome fixes available 6 of 14
A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-29479
Medium priorityRibose RNP before 0.16.3 may hang when the input is malformed.
1 affected packages
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2023-1945
Medium priorityUnexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.
1 affected packages
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |