Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

681 – 690 of 1973 results

CVE-2020-12416

Medium priority

Some fixes available 14 of 23

A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Not affected Not affected Fixed Fixed Ignored
Show less packages

CVE-2020-12415

Medium priority

Some fixes available 14 of 23

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Not affected Not affected Fixed Fixed Ignored
Show less packages

CVE-2020-12398

Medium priority
Fixed

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This...

1 affected packages

thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
thunderbird Fixed Fixed Fixed
Show less packages

CVE-2020-12410

Medium priority

Some fixes available 24 of 32

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

7 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs60...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
firefox-esr Not in release Not in release Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Fixed
Show all 7 packages Show less packages

CVE-2020-12406

Medium priority

Some fixes available 24 of 32

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-12405

Medium priority

Some fixes available 24 of 32

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-6830

Medium priority
Not affected

For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected
mozjs38 Not in release Not affected Not in release
mozjs52 Not affected Not affected Not in release
mozjs60 Not in release Not in release Not in release
mozjs68 Not affected Not in release Not in release
thunderbird Not affected Not affected Not affected
Show less packages

CVE-2020-12393

Medium priority
Ignored

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected Not affected Not affected
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-12399

Medium priority
Fixed

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

3 affected packages

firefox, nss, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed Fixed
nss Fixed Fixed Fixed
thunderbird Fixed Fixed Fixed
Show less packages

CVE-2020-6463

Medium priority

Some fixes available 15 of 21

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7 affected packages

chromium-browser, firefox, mozjs38, mozjs52, mozjs60...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Not affected Not affected Not affected Fixed Fixed
firefox Fixed Fixed Fixed Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs60 Not in release Not in release Not in release Not in release Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
thunderbird Not affected Not affected Fixed Fixed Ignored
Show all 7 packages Show less packages
  1. Previous page
  2. 67
  3. 68
  4. 69
  5. 70
  6. 71
  7. Next page
Export to JSON