CVE search results

321 – 330 of 2652 results

Detailed view

Sort by:

CVE-2023-23598

Medium priority

Some fixes available 9 of 17

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
mozjs38	—	Not in release	Not in release	Ignored	Not in release
mozjs52	—	Not in release	Ignored	Ignored	Not in release
mozjs68	—	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	—	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2023-23597

Medium priority

Some fixes available 2 of 11

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be...

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
mozjs38	—	Not in release	Not in release	Ignored	Not in release
mozjs52	—	Not in release	Ignored	Ignored	Not in release
mozjs68	—	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	—	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored

CVE-2023-22466

Medium priority

Vulnerable

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will...

9 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Ignored	Ignored	Ignored
mozjs38	—	Not in release	Not in release	Ignored	Not in release
mozjs52	—	Not in release	Ignored	Ignored	Not in release
mozjs68	—	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	—	Ignored	Not in release	Not in release	Not in release
rust-tokio	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Ignored
rustc	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored

CVE-2022-46885

Medium priority

Fixed

Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some...

1 affected packages

firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	Not affected	Fixed	Ignored	Ignored

CVE-2022-46883

Medium priority

Fixed

Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with...

1 affected packages

firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	Not affected	Fixed	Ignored	Ignored

CVE-2022-46875

Medium priority

Not affected

The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	Not affected	Not affected	Ignored	Ignored
thunderbird	—	Not affected	Not affected	Ignored	Ignored

CVE-2022-40961

Medium priority

Not affected

During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*....

1 affected packages

firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	Not affected	Not affected	Not affected	Ignored

CVE-2022-38474

Medium priority

Not affected

A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown...

1 affected packages

firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	Not affected	Not affected	Not affected	Ignored

CVE-2022-36317

Medium priority

Not affected

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating...

1 affected packages

firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	Not affected	Not affected	Not affected	Ignored

CVE-2022-36314

Medium priority

Some fixes available 2 of 3

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	Not affected	Not affected	Not affected	Ignored
thunderbird	—	Fixed	Fixed	Ignored	Ignored

Export to JSON

Results by page:

Search CVE reports