Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

611 – 620 of 1943 results

CVE-2020-26959

Medium priority

Some fixes available 21 of 27

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83,...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show less packages

CVE-2020-26958

Medium priority

Some fixes available 21 of 27

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show less packages

CVE-2020-26956

Medium priority

Some fixes available 21 of 27

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show less packages

CVE-2020-26953

Medium priority

Some fixes available 21 of 27

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show less packages

CVE-2020-26951

Medium priority

Some fixes available 21 of 27

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show less packages

CVE-2020-16012

Medium priority

Some fixes available 23 of 29

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

7 affected packages

chromium-browser, firefox, mozjs38, mozjs52, mozjs60...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Not affected Not affected Not affected Fixed Fixed
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show all 7 packages Show less packages

CVE-2020-26950

High priority

Some fixes available 21 of 27

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show less packages

CVE-2020-15683

Medium priority

Some fixes available 21 of 27

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Ignored
Show less packages

CVE-2020-15999

High priority

Some fixes available 14 of 15

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

18 affected packages

android, chromium-browser, firefox, freetype, godot...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
android Not in release Not in release Not in release Not in release Needs evaluation
chromium-browser Not affected Not affected Not affected Fixed Fixed
firefox Not affected Not affected Not affected Not affected Not affected
freetype Fixed Fixed Fixed Fixed Fixed
godot Not affected Not affected Not affected Not in release Not in release
graphicsmagick Not affected Not affected Not affected Not affected Not affected
musescore Not in release Not in release Not affected Not affected Not affected
openjdk-12 Not in release Not in release Not in release Not in release Not in release
openjdk-13 Not in release Not in release Not affected Not in release Not in release
openjdk-15 Not in release Not in release Not in release Not in release Not in release
openjdk-lts Not affected Not affected Not affected Not affected Not in release
oxide-qt Not in release Not in release Not in release Not in release Not affected
paraview Not affected Not affected Not affected Not affected Not affected
qtbase-opensource-src Not affected Not affected Not affected Not affected Not affected
qtbase-opensource-src-gles Not affected Not affected Not affected Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
texmaker Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Not affected Not affected
Show all 18 packages Show less packages

CVE-2020-15646

Medium priority
Fixed

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and...

1 affected packages

thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
thunderbird Fixed Fixed Fixed
Show less packages
  1. Previous page
  2. 60
  3. 61
  4. 62
  5. 63
  6. 64
  7. Next page
Export to JSON