Search CVE reports


421 – 430 of 2389 results


CVE-2024-10462

Medium priority

Some fixes available 2 of 13

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Fixed
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release

CVE-2024-10461

Medium priority

Some fixes available 2 of 13

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Fixed
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release

CVE-2024-10460

Medium priority

Some fixes available 2 of 13

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Fixed
thunderbird Not affected Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release

CVE-2024-10459

Medium priority

Some fixes available 3 of 14

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Fixed
thunderbird Not affected Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release

CVE-2024-10458

Medium priority

Some fixes available 3 of 14

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Fixed
thunderbird Not affected Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored Not in release
mozjs91 Not in release Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release

CVE-2024-50602

Medium priority

Some fixes available 7 of 74

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

23 affected packages

smart, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
smart Not in release Not in release Not in release Not in release Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Needs evaluation
expat Not affected Fixed Fixed Fixed Fixed
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vtk Not in release Not in release Not in release Not in release
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Not affected Not in release
libxmltok Not in release Not affected Not affected Not affected Not affected

CVE-2024-50383

Medium priority

Some fixes available 3 of 11

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set....

3 affected packages

oscar, botan, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
oscar Needs evaluation Needs evaluation Needs evaluation Ignored
botan Not in release Fixed Fixed Vulnerable Ignored
thunderbird Not affected Not affected Not affected Not in release

CVE-2024-50382

Medium priority

Some fixes available 3 of 11

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for...

3 affected packages

botan, oscar, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
botan Not in release Fixed Fixed Vulnerable Ignored
oscar Needs evaluation Needs evaluation Needs evaluation Ignored
thunderbird Not affected Not affected Not affected Not in release

CVE-2024-10004

Medium priority
Not affected

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly. This vulnerability affects Firefox...

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release

CVE-2024-9936

Medium priority

Some fixes available 1 of 12

When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected Fixed
thunderbird Not affected Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Not in release Ignored Ignored Not in release
mozjs115 Not in release Ignored Not in release Not in release