Search CVE reports
101 – 110 of 371 results
CVE-2024-3856
Medium prioritySome fixes available 1 of 11
A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox < 125.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-3855
Medium prioritySome fixes available 1 of 11
In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-3854
Medium prioritySome fixes available 4 of 13
In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-3853
Medium prioritySome fixes available 1 of 11
A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-3852
Medium prioritySome fixes available 4 of 13
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-3302
Medium prioritySome fixes available 4 of 13
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-31393
Medium priorityDragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Not affected | — | — |
mozjs102 | Not affected | Not affected | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Not affected | — |
mozjs52 | Not in release | Not in release | Not affected | Not affected | — |
mozjs68 | Not in release | Not in release | Not affected | — | — |
mozjs78 | Not in release | Not affected | Not in release | — | — |
mozjs91 | Not in release | Not affected | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-31392
Medium priorityIf an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Not affected | — | — |
mozjs102 | Not affected | Not affected | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Not affected | — |
mozjs52 | Not in release | Not in release | Not affected | Not affected | — |
mozjs68 | Not in release | Not in release | Not affected | — | — |
mozjs78 | Not in release | Not affected | Not in release | — | — |
mozjs91 | Not in release | Not affected | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-29944
Medium prioritySome fixes available 1 of 11
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-29943
Medium prioritySome fixes available 1 of 11
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Ignored | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |