Search CVE reports
571 – 580 of 1943 results
CVE-2021-24002
Medium prioritySome fixes available 21 of 33
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability...
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2021-23999
Medium prioritySome fixes available 21 of 33
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR...
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2021-23998
Medium prioritySome fixes available 21 of 33
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2021-23995
Medium prioritySome fixes available 21 of 33
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR <...
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2021-23994
Medium prioritySome fixes available 21 of 33
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2021-23993
Medium priorityAn attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user...
1 affected packages
thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2021-23992
Medium priorityThunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user...
1 affected packages
thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2021-23991
Medium priorityIf a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted...
1 affected packages
thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2021-23987
Medium prioritySome fixes available 21 of 33
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2021-23984
Medium prioritySome fixes available 21 of 33
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website...
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |