Search CVE reports

631 – 640 of 1973 results

Detailed view

Sort by:

CVE-2020-26974

Medium priority

Some fixes available 21 of 33

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This...

7 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2020-26973

Medium priority

Some fixes available 21 of 33

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

7 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2020-26971

Medium priority

Some fixes available 21 of 33

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

7 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2020-16042

Medium priority

Fixed

Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

3 affected packages

chromium-browser, firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	Not affected	Not affected	Fixed	Fixed
firefox	—	Fixed	Fixed	Fixed	Fixed
thunderbird	—	Fixed	Fixed	Fixed	Ignored

CVE-2020-26970

Medium priority

Fixed

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption...

1 affected packages

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
thunderbird	—	Fixed	Fixed	Fixed	Ignored

CVE-2020-26966

Low priority

Ignored

Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2020-26968

Medium priority

Some fixes available 21 of 27

Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2020-26965

Low priority

Some fixes available 21 of 27

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2020-26961

Medium priority

Some fixes available 21 of 27

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

CVE-2020-26960

Medium priority

Some fixes available 21 of 27

If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83,...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Ignored

Export to JSON

Results by page: