Search CVE reports
381 – 390 of 1943 results
CVE-2022-39251
Medium prioritySome fixes available 4 of 10
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person,...
2 affected packages
node-matrix-js-sdk, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-matrix-js-sdk | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2022-39249
Medium prioritySome fixes available 4 of 10
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages...
2 affected packages
node-matrix-js-sdk, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-matrix-js-sdk | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2022-39236
Medium prioritySome fixes available 4 of 10
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the...
2 affected packages
node-matrix-js-sdk, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-matrix-js-sdk | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2022-40962
Medium prioritySome fixes available 5 of 13
Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2022-40960
Medium priorityConcurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed | Ignored |
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2022-40959
Medium priorityDuring iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed | Ignored |
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2022-40958
Medium priorityBy injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed | Ignored |
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2022-40957
Medium prioritySome fixes available 5 of 13
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3,...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2022-40956
Low priorityWhen injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed | Ignored |
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2022-3266
Medium priorityAn out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Fixed | Fixed | Ignored |
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |