Search CVE reports

71 – 80 of 2652 results

Detailed view

Sort by:

CVE-2024-4772

Medium priority

Some fixes available 1 of 11

An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4771

Medium priority

Some fixes available 1 of 11

A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4770

Medium priority

Some fixes available 4 of 13

When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

CVE-2024-4769

Medium priority

Some fixes available 4 of 13

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

CVE-2024-4768

Medium priority

Some fixes available 4 of 13

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

CVE-2024-4767

Medium priority

Some fixes available 4 of 13

If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126,...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

CVE-2024-4766

Medium priority

Not affected

Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4765

Medium priority

Not affected

Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4764

Medium priority

Some fixes available 1 of 11

Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4367

Medium priority

Some fixes available 4 of 13

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

Export to JSON

Results by page: