Search CVE reports

1 – 10 of 83 results

Detailed view

Sort by:

CVE-2022-31739

Medium priority

Ignored

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only...

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Not affected	Not affected	Ignored
firefox-esr	—	—	—	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Not affected	Not affected	Ignored

CVE-2022-38476

Medium priority

Some fixes available 3 of 4

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability...

2 affected packages

firefox-esr, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox-esr	—	Not in release	Not in release	Not in release	Not in release
thunderbird	—	Fixed	Fixed	Fixed	Ignored

CVE-2022-36319

Medium priority

Some fixes available 5 of 6

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird <...

3 affected packages

firefox, firefox-esr, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	Not affected	Fixed	Fixed	Ignored
firefox-esr	—	Not in release	Not in release	Not in release	Not in release
thunderbird	—	Fixed	Fixed	Fixed	Ignored

CVE-2022-36318

Medium priority

Some fixes available 5 of 6

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

3 affected packages

firefox, firefox-esr, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	Not affected	Fixed	Fixed	Ignored
firefox-esr	—	Not in release	Not in release	Not in release	Not in release
thunderbird	—	Fixed	Fixed	Fixed	Ignored

CVE-2022-31747

Medium priority

Some fixes available 11 of 20

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume...

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
firefox-esr	—	—	—	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2022-31742

Medium priority

Some fixes available 11 of 20

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to...

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
firefox-esr	—	—	—	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2022-31741

Medium priority

Some fixes available 11 of 20

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
firefox-esr	—	—	—	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2022-31740

Medium priority

Some fixes available 12 of 20

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
firefox-esr	—	—	—	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Fixed	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2022-31738

Medium priority

Some fixes available 11 of 20

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox <...

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
firefox-esr	—	—	—	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2022-31737

Medium priority

Some fixes available 11 of 20

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
firefox-esr	—	—	—	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

Export to JSON

Results by page: