Search CVE reports
731 – 740 of 1973 results
CVE-2019-17012
Medium prioritySome fixes available 25 of 34
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-17011
Medium prioritySome fixes available 25 of 34
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird <...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-17010
Medium prioritySome fixes available 25 of 34
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-17008
Medium prioritySome fixes available 25 of 34
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-17005
Medium prioritySome fixes available 25 of 34
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11745
Medium prioritySome fixes available 12 of 13
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable...
3 affected packages
firefox, nss, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | Fixed | Fixed |
| nss | — | — | — | Fixed | Fixed |
| thunderbird | — | — | — | Fixed | Fixed |
CVE-2019-11764
Medium prioritySome fixes available 25 of 34
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11763
Medium prioritySome fixes available 25 of 34
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11762
Medium prioritySome fixes available 25 of 34
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70,...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11761
Medium prioritySome fixes available 25 of 34
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |