Search CVE reports

Toggle filters

691 – 700 of 2921 results

CVE-2022-31742

Medium priority

Some fixes available 11 of 20

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to...

8 affected packages

mozjs78, firefox, firefox-esr, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs78 Not in release Ignored Not in release Not in release
firefox Not affected Not affected Fixed Fixed
firefox-esr
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2022-31741

Medium priority

Some fixes available 11 of 20

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Fixed
firefox-esr
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2022-31740

Medium priority

Some fixes available 12 of 20

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

8 affected packages

firefox, mozjs38, mozjs52, thunderbird, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
thunderbird Fixed Fixed Fixed Fixed
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
firefox-esr
mozjs91 Not in release Fixed Not in release Not in release
Show all 8 packages Show less packages

CVE-2022-31738

Medium priority

Some fixes available 11 of 20

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox <...

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Fixed
firefox-esr
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2022-31737

Medium priority

Some fixes available 11 of 20

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Fixed
firefox-esr
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
thunderbird Fixed Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2022-31736

Medium priority

Some fixes available 11 of 20

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

8 affected packages

mozjs68, mozjs78, mozjs91, mozjs52, thunderbird...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs68 Not in release Not in release Ignored Not in release
mozjs78 Not in release Ignored Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release
mozjs52 Not in release Not in release Ignored Ignored
thunderbird Fixed Fixed Fixed Fixed
firefox Not affected Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
firefox-esr
Show all 8 packages Show less packages

CVE-2022-1919

Medium priority

Some fixes available 3 of 14

Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs91...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release Not in release
thunderbird Not affected Not affected Not in release Ignored
mozjs78 Not in release Ignored Not in release Not in release
Show all 7 packages Show less packages

CVE-2022-1802

Medium priority

Some fixes available 7 of 8

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Fixed Fixed
thunderbird Fixed Fixed Fixed
Show less packages

CVE-2022-1529

Medium priority

Some fixes available 7 of 8

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Fixed Fixed
thunderbird Fixed Fixed Fixed
Show less packages

CVE-2022-29918

Medium priority

Some fixes available 3 of 12

Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some...

6 affected packages

mozjs78, firefox, mozjs38, mozjs52, mozjs68, mozjs91

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs78 Not in release Ignored Not in release Not in release
firefox Not affected Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Ignored
mozjs52 Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release Not in release
Show less packages
  1. Previous page
  2. 68
  3. 69
  4. 70
  5. 71
  6. 72
  7. Next page
Export to JSON