Search CVE reports

601 – 610 of 2389 results

Detailed view

Sort by:

CVE-2023-6858

Medium priority

Some fixes available 6 of 18

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	Fixed	Ignored
thunderbird	—	Fixed	Fixed	Fixed	Ignored
mozjs38	—	Not in release	Not in release	Not in release	Ignored
mozjs52	—	Not in release	Not in release	Ignored	Ignored
mozjs68	—	Not in release	Not in release	Ignored	Not in release
mozjs78	—	Not in release	Ignored	Not in release	Not in release
mozjs91	—	Not in release	Ignored	Not in release	Not in release
mozjs102	—	Ignored	Ignored	Not in release	Not in release

CVE-2023-6857

Medium priority

Some fixes available 6 of 18

When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	Fixed	Ignored
thunderbird	—	Fixed	Fixed	Fixed	Ignored
mozjs38	—	Not in release	Not in release	Not in release	Ignored
mozjs52	—	Not in release	Not in release	Ignored	Ignored
mozjs68	—	Not in release	Not in release	Ignored	Not in release
mozjs78	—	Not in release	Ignored	Not in release	Not in release
mozjs91	—	Not in release	Ignored	Not in release	Not in release
mozjs102	—	Ignored	Ignored	Not in release	Not in release

CVE-2023-6856

Medium priority

Some fixes available 6 of 18

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape....

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	Fixed	Ignored
thunderbird	—	Fixed	Fixed	Fixed	Ignored
mozjs38	—	Not in release	Not in release	Not in release	Ignored
mozjs52	—	Not in release	Not in release	Ignored	Ignored
mozjs68	—	Not in release	Not in release	Ignored	Not in release
mozjs78	—	Not in release	Ignored	Not in release	Not in release
mozjs91	—	Not in release	Ignored	Not in release	Not in release
mozjs102	—	Ignored	Ignored	Not in release	Not in release

CVE-2023-6135

Medium priority

Some fixes available 4 of 16

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	Fixed	Ignored
thunderbird	Not affected	Not affected	Not affected	Not in release	Ignored
mozjs38	Not in release	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs102	Not in release	Ignored	Ignored	Not in release	Not in release
nss	Not affected	Not affected	Fixed	Fixed	Ignored

CVE-2023-50762

Medium priority

Fixed

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always...

1 affected package

thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	—	—	Fixed	Fixed	Ignored

CVE-2023-50761

Medium priority

Fixed

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time,...

1 affected package

thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	—	—	Fixed	Fixed	Ignored

CVE-2023-6870

Medium priority

Ignored

Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	Not in release	Ignored
thunderbird	—	Not affected	Not affected	Not in release	Ignored
mozjs38	—	Not in release	Not in release	Not in release	Ignored
mozjs52	—	Not in release	Not in release	Ignored	Ignored
mozjs68	—	Not in release	Not in release	Ignored	Not in release
mozjs78	—	Not in release	Ignored	Not in release	Not in release
mozjs91	—	Not in release	Ignored	Not in release	Not in release
mozjs102	—	Ignored	Ignored	Not in release	Not in release

CVE-2023-6868

Medium priority

Ignored

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	Not in release	Ignored
thunderbird	—	Not affected	Not affected	Not in release	Ignored
mozjs38	—	Not in release	Not in release	Not in release	Ignored
mozjs52	—	Not in release	Not in release	Ignored	Ignored
mozjs68	—	Not in release	Not in release	Ignored	Not in release
mozjs78	—	Not in release	Ignored	Not in release	Not in release
mozjs91	—	Not in release	Ignored	Not in release	Not in release
mozjs102	—	Ignored	Ignored	Not in release	Not in release

CVE-2023-6213

Medium priority

Some fixes available 1 of 14

Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	Fixed	Ignored
thunderbird	—	Not affected	Not affected	Not in release	Ignored
mozjs38	—	Not in release	Not in release	Not in release	Ignored
mozjs52	—	Not in release	Not in release	Ignored	Ignored
mozjs68	—	Not in release	Not in release	Ignored	Not in release
mozjs78	—	Not in release	Ignored	Not in release	Not in release
mozjs91	—	Not in release	Ignored	Not in release	Not in release
mozjs102	—	Ignored	Ignored	Not in release	Not in release

CVE-2023-6212

Medium priority

Some fixes available 6 of 18

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8 affected packages

mozjs38, firefox, thunderbird, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs38	—	Not in release	Not in release	Not in release	Ignored
firefox	—	Not affected	Not affected	Fixed	Ignored
thunderbird	—	Fixed	Fixed	Fixed	Ignored
mozjs52	—	Not in release	Not in release	Ignored	Ignored
mozjs68	—	Not in release	Not in release	Ignored	Not in release
mozjs78	—	Not in release	Ignored	Not in release	Not in release
mozjs91	—	Not in release	Ignored	Not in release	Not in release
mozjs102	—	Ignored	Ignored	Not in release	Not in release

Export to JSON

Results by page: