Search CVE reports
1751 – 1760 of 29100 results
'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process....
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for iOS < 141.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
Some fixes available 1 of 3
A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak....
5 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal, neuron
| Package | 24.04 LTS |
|---|---|
| tiff | Fixed |
| qtwebengine-opensource-src | Needs evaluation |
| texmaker | Needs evaluation |
| gdal | Not affected |
| neuron | Not affected |
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use...
1 affected package
tcpreplay
| Package | 24.04 LTS |
|---|---|
| tcpreplay | Needs evaluation |
Not in release
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user...
1 affected package
node-mermaid
| Package | 24.04 LTS |
|---|---|
| node-mermaid | Not in release |