Search CVE reports


Toggle filters

1 – 10 of 68 results


CVE-2024-53976

Low priority
Vulnerable

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Vulnerable
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-11708

Medium priority

Some fixes available 1 of 13

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-11706

Medium priority

Some fixes available 1 of 13

A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-11705

Medium priority

Some fixes available 1 of 13

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-11704

Medium priority

Some fixes available 1 of 13

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption....

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-11703

Medium priority
Vulnerable

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-11702

Medium priority
Vulnerable

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-11701

Medium priority

Some fixes available 1 of 13

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-11700

Medium priority
Vulnerable

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-11699

Medium priority

Some fixes available 1 of 13

Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages