Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

11 – 20 of 26 results

CVE-2024-43112

Negligible priority
Ignored

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Not affected
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Not affected Not affected
Show all 9 packages Show less packages

CVE-2024-43111

Negligible priority
Ignored

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Not affected
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Not affected Not affected
Show all 9 packages Show less packages

CVE-2024-7531

Medium priority

Some fixes available 1 of 10

Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Not affected Not affected
Show all 9 packages Show less packages

CVE-2024-7530

Medium priority

Some fixes available 1 of 10

Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Not affected Not affected
Show all 9 packages Show less packages

CVE-2024-7529

Medium priority

Some fixes available 3 of 12

The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1,...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Fixed Fixed
Show all 9 packages Show less packages

CVE-2024-7528

Medium priority

Some fixes available 1 of 10

Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Not affected Not affected
Show all 9 packages Show less packages

CVE-2024-7527

Medium priority

Some fixes available 3 of 12

Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Fixed Fixed
Show all 9 packages Show less packages

CVE-2024-7526

Medium priority

Some fixes available 3 of 12

ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1,...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Fixed Fixed
Show all 9 packages Show less packages

CVE-2024-7525

Medium priority

Some fixes available 3 of 12

It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR <...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Fixed Fixed
Show all 9 packages Show less packages

CVE-2024-7524

Medium priority

Some fixes available 1 of 10

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Not affected Not affected
Show all 9 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. Next page
Export to JSON