Search CVE reports

511 – 520 of 2976 results

Detailed view

Sort by:

CVE-2023-5174

Medium priority

Ignored

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	Ignored
thunderbird	Not affected	Not affected	Not in release	Ignored
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
mozjs102	Ignored	Ignored	Not in release	Not in release

CVE-2023-5168

Medium priority

Ignored

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	Ignored
thunderbird	Not affected	Not affected	Not in release	Ignored
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
mozjs102	Ignored	Ignored	Not in release	Not in release

CVE-2023-4863

Medium priority

Fixed

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

4 affected packages

chromium-browser, libwebp, thunderbird, firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
chromium-browser	Not affected	Not affected	Not in release	Ignored
libwebp	Fixed	Fixed	Fixed	Fixed
thunderbird	Fixed	Fixed	Fixed	Ignored
firefox	Not affected	Not affected	Fixed	Ignored

CVE-2023-4582

Negligible priority

Not affected

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not in release	Ignored
thunderbird	—	Not affected	Not in release	Ignored
mozjs38	—	Not in release	Not in release	Not affected
mozjs52	—	Not in release	Not affected	Not affected
mozjs68	—	Not in release	Not affected	Not in release
mozjs78	—	Not affected	Not in release	Not in release
mozjs91	—	Not affected	Not in release	Not in release
mozjs102	—	Not affected	Not in release	Not in release

CVE-2023-4576

Negligible priority

Ignored

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Ignored	Not in release	Ignored
thunderbird	—	Ignored	Not in release	Ignored
mozjs38	—	Not in release	Not in release	Ignored
mozjs52	—	Not in release	Ignored	Ignored
mozjs68	—	Not in release	Ignored	Not in release
mozjs78	—	Ignored	Not in release	Not in release
mozjs91	—	Ignored	Not in release	Not in release
mozjs102	—	Ignored	Not in release	Not in release

CVE-2023-4585

Medium priority

Some fixes available 6 of 18

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8 affected packages

mozjs91, firefox, thunderbird, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs91	Not in release	Ignored	Not in release	Not in release
firefox	Not affected	Not affected	Fixed	Ignored
thunderbird	Fixed	Fixed	Fixed	Ignored
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs102	Ignored	Ignored	Not in release	Not in release

CVE-2023-4584

Medium priority

Some fixes available 6 of 18

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored
thunderbird	Fixed	Fixed	Fixed	Ignored
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
mozjs102	Ignored	Ignored	Not in release	Not in release

CVE-2023-4583

Medium priority

Some fixes available 6 of 18

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the...

8 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
firefox	Not affected	Not affected	Fixed	Ignored
thunderbird	Fixed	Fixed	Fixed	Ignored
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
mozjs102	Ignored	Ignored	Not in release	Not in release

CVE-2023-4581

Medium priority

Some fixes available 6 of 18

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR <...

8 affected packages

mozjs38, firefox, thunderbird, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs38	Not in release	Not in release	Not in release	Ignored
firefox	Not affected	Not affected	Fixed	Ignored
thunderbird	Fixed	Fixed	Fixed	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
mozjs102	Ignored	Ignored	Not in release	Not in release

CVE-2023-4580

Medium priority

Some fixes available 6 of 18

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored
thunderbird	Fixed	Fixed	Fixed	Ignored
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release
mozjs102	Ignored	Ignored	Not in release	Not in release

Export to JSON

Results by page: