Search CVE reports
41 – 50 of 1992 results
CVE-2024-9399
Medium prioritySome fixes available 1 of 13
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird <...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9398
Medium prioritySome fixes available 1 of 13
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox <...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9397
Medium prioritySome fixes available 1 of 13
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9396
Medium prioritySome fixes available 1 of 13
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR <...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9394
Medium prioritySome fixes available 1 of 13
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site"...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9393
Medium prioritySome fixes available 1 of 13
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site"...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9392
Medium prioritySome fixes available 1 of 13
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9403
Medium prioritySome fixes available 1 of 13
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2024-9395
Medium priorityA specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This...
2 affected packages
firefox, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Not affected | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-9391
Medium priorityA user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only...
2 affected packages
firefox, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Not affected | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |