Search CVE reports
391 – 400 of 1973 results
CVE-2022-45410
Medium prioritySome fixes available 7 of 15
When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2022-45409
Medium prioritySome fixes available 7 of 15
The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2022-45408
Medium prioritySome fixes available 7 of 15
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2022-45407
Medium priorityIf an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2022-45406
Medium prioritySome fixes available 7 of 15
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2022-45405
Medium prioritySome fixes available 7 of 15
Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2022-45404
Medium prioritySome fixes available 7 of 15
Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2022-45403
Medium prioritySome fixes available 9 of 17
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2022-39394
Medium priorityWasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Ignored | Ignored | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2022-39393
Medium priorityWasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Ignored | Ignored | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |