Search CVE reports
611 – 620 of 1943 results
CVE-2020-26959
Medium prioritySome fixes available 21 of 27
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83,...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2020-26958
Medium prioritySome fixes available 21 of 27
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2020-26956
Medium prioritySome fixes available 21 of 27
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2020-26953
Medium prioritySome fixes available 21 of 27
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2020-26951
Medium prioritySome fixes available 21 of 27
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2020-16012
Medium prioritySome fixes available 23 of 29
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
7 affected packages
chromium-browser, firefox, mozjs38, mozjs52, mozjs60...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not affected | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2020-26950
High prioritySome fixes available 21 of 27
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2020-15683
Medium prioritySome fixes available 21 of 27
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2020-15999
High prioritySome fixes available 14 of 15
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 affected packages
android, chromium-browser, firefox, freetype, godot...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
android | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
chromium-browser | Not affected | Not affected | Not affected | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
freetype | Fixed | Fixed | Fixed | Fixed | Fixed |
godot | Not affected | Not affected | Not affected | Not in release | Not in release |
graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
musescore | Not in release | Not in release | Not affected | Not affected | Not affected |
openjdk-12 | Not in release | Not in release | Not in release | Not in release | Not in release |
openjdk-13 | Not in release | Not in release | Not affected | Not in release | Not in release |
openjdk-15 | Not in release | Not in release | Not in release | Not in release | Not in release |
openjdk-lts | Not affected | Not affected | Not affected | Not affected | Not in release |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Not affected |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src-gles | Not affected | Not affected | Not affected | Not in release | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
texmaker | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-15646
Medium priorityIf an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and...
1 affected packages
thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
thunderbird | — | — | Fixed | Fixed | Fixed |