Search CVE reports
321 – 330 of 23512 results
CVE-2024-8388
Medium priorityMultiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing...
2 affected packages
firefox, thunderbird
Package | 22.04 LTS |
---|---|
firefox | Not affected |
thunderbird | Not affected |
CVE-2024-8387
Medium priorityMemory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 22.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Ignored |
mozjs91 | Ignored |
thunderbird | Not affected |
CVE-2024-8386
Medium priorityIf a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 22.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Ignored |
mozjs91 | Ignored |
thunderbird | Not affected |
CVE-2024-8385
Medium priorityA difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 22.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Ignored |
mozjs91 | Ignored |
thunderbird | Not affected |
CVE-2024-8384
Medium prioritySome fixes available 1 of 4
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130,...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 22.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Ignored |
mozjs91 | Ignored |
thunderbird | Fixed |
CVE-2024-8383
Medium priorityFirefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:....
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 22.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Ignored |
mozjs91 | Ignored |
thunderbird | Not affected |
CVE-2024-8382
Medium prioritySome fixes available 1 of 4
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 22.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Ignored |
mozjs91 | Ignored |
thunderbird | Fixed |
CVE-2024-8381
Medium prioritySome fixes available 1 of 4
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15,...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 22.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Ignored |
mozjs91 | Ignored |
thunderbird | Fixed |
CVE-2024-6232
Medium prioritySome fixes available 1 of 2
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 22.04 LTS |
---|---|
python2.7 | Not affected |
python3.10 | Fixed |
python3.11 | Needs evaluation |
python3.12 | Not in release |
python3.13 | Not in release |
python3.4 | Not in release |
python3.5 | Not in release |
python3.6 | Not in release |
python3.7 | Not in release |
python3.8 | Not in release |
python3.9 | Not in release |
CVE-2024-8374
Medium priorityUltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property...
1 affected packages
cura
Package | 22.04 LTS |
---|---|
cura | Needs evaluation |