Search CVE reports
11 – 20 of 243 results
CVE-2024-10458
Medium prioritySome fixes available 1 of 13
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4,...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9936
Medium prioritySome fixes available 1 of 11
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-9680
High prioritySome fixes available 3 of 13
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-9402
Medium prioritySome fixes available 1 of 13
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9401
Medium prioritySome fixes available 1 of 13
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9400
Medium prioritySome fixes available 1 of 13
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR <...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9399
Medium prioritySome fixes available 1 of 13
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird <...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9398
Medium prioritySome fixes available 1 of 13
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox <...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9397
Medium prioritySome fixes available 1 of 13
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9396
Medium prioritySome fixes available 1 of 13
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR <...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |