Search CVE reports


Toggle filters

41 – 50 of 1992 results


CVE-2024-9399

Medium priority

Some fixes available 1 of 13

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird <...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-9398

Medium priority

Some fixes available 1 of 13

By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox <...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-9397

Medium priority

Some fixes available 1 of 13

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-9396

Medium priority

Some fixes available 1 of 13

It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR <...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-9394

Medium priority

Some fixes available 1 of 13

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site"...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-9393

Medium priority

Some fixes available 1 of 13

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site"...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-9392

Medium priority

Some fixes available 1 of 13

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-9403

Medium priority

Some fixes available 1 of 13

Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
thunderbird Not affected Vulnerable Vulnerable
Show all 9 packages Show less packages

CVE-2024-9395

Medium priority
Not affected

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
Show less packages

CVE-2024-9391

Medium priority
Not affected

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
Show less packages