Search CVE reports

111 – 120 of 821 results

Detailed view

Sort by:

CVE-2024-4774

Medium priority

Some fixes available 1 of 11

The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4773

Medium priority

Some fixes available 1 of 11

When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4772

Medium priority

Some fixes available 1 of 11

An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4771

Medium priority

Some fixes available 1 of 11

A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4770

Medium priority

Some fixes available 4 of 13

When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

CVE-2024-4769

Medium priority

Some fixes available 4 of 13

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

CVE-2024-4768

Medium priority

Some fixes available 4 of 13

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

CVE-2024-4767

Medium priority

Some fixes available 4 of 13

If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126,...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

CVE-2024-4764

Medium priority

Some fixes available 1 of 11

Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-4367

Medium priority

Some fixes available 4 of 13

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Fixed	Fixed	—	—

Export to JSON

Results by page: