Search CVE reports

1 – 10 of 243 results

Detailed view

Sort by:

CVE-2024-10468

Medium priority

Some fixes available 1 of 13

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

CVE-2024-10467

Medium priority

Some fixes available 1 of 13

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

CVE-2024-10466

Medium priority

Some fixes available 1 of 13

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

CVE-2024-10465

Medium priority

Some fixes available 1 of 13

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

CVE-2024-10464

Medium priority

Some fixes available 1 of 13

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132,...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

CVE-2024-10463

Medium priority

Some fixes available 1 of 13

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

CVE-2024-10462

Medium priority

Some fixes available 1 of 13

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

CVE-2024-10461

Medium priority

Some fixes available 1 of 13

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

CVE-2024-10460

Medium priority

Some fixes available 1 of 13

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

CVE-2024-10459

Medium priority

Some fixes available 1 of 13

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4,...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs115	Ignored	Not in release	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Vulnerable	Vulnerable	—	—

Export to JSON

Results by page: