Search CVE reports
1181 – 1190 of 2385 results
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined...
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | Fixed |
| thunderbird | — | — | — | — | Fixed |
Some fixes available 28 of 37
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability...
5 affected packages
mozjs52, mozjs60, firefox, mozjs38, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Not affected |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | — | — | Fixed |
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird...
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | — | — | Fixed |
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects...
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | — | — | Fixed |
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | — | — | Fixed |
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
6 affected packages
firefox-esr, mozjs38, mozjs52, firefox, mozjs60, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox-esr | — | — | — | — | Not in release |
| mozjs38 | — | — | — | — | Not affected |
| mozjs52 | — | — | — | — | Not affected |
| firefox | — | — | — | — | Not affected |
| mozjs60 | — | — | — | — | Not in release |
| thunderbird | — | — | — | — | Not affected |
In libwebp 0.5.1, there is a double free bug in libwebpmux.
9 affected packages
godot, libwebp, mozjs60, qtimageformats-opensource-src, qtwebengine-opensource-src...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| godot | — | Not affected | Not affected | Not affected | Not in release |
| libwebp | — | Not affected | Not affected | Not affected | Not affected |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| qtimageformats-opensource-src | — | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | — | Not affected | Not affected | Not affected | Not affected |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| firefox | — | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
Some fixes available 28 of 38
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
5 affected packages
mozjs52, mozjs60, firefox, mozjs38, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 28 of 38
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
5 affected packages
mozjs52, mozjs38, firefox, mozjs60, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |