Search CVE reports
621 – 630 of 1943 results
CVE-2020-15969
Medium prioritySome fixes available 23 of 29
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
7 affected packages
chromium-browser, firefox, mozjs38, mozjs52, mozjs60...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not affected | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2020-15669
Medium priorityWhen aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to...
2 affected packages
firefox-esr, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox-esr | — | Not in release | Not in release | Not in release | Not in release |
thunderbird | — | Not affected | Fixed | Fixed | Ignored |
CVE-2020-15663
Medium priorityIf Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that...
2 affected packages
firefox, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | — | — | Not affected | Not affected | Not affected |
thunderbird | — | — | Not affected | Not affected | Not affected |
CVE-2020-15678
Medium prioritySome fixes available 13 of 19
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Not affected | Not affected | Fixed | Fixed | Ignored |
CVE-2020-15677
Medium prioritySome fixes available 13 of 19
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Not affected | Not affected | Fixed | Fixed | Ignored |
CVE-2020-15676
Medium prioritySome fixes available 13 of 19
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Not affected | Not affected | Fixed | Fixed | Ignored |
CVE-2020-15673
Medium prioritySome fixes available 13 of 19
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Not affected | Not affected | Fixed | Fixed | Ignored |
CVE-2020-15664
Medium prioritySome fixes available 13 of 19
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with...
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs60...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Not affected | Not affected | Fixed | Fixed | Ignored |
CVE-2020-15670
Medium prioritySome fixes available 13 of 19
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, mozjs68, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
thunderbird | Not affected | Not affected | Fixed | Fixed | Ignored |
CVE-2020-15649
Medium priorityGiven an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other...
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs60...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | — | — | Not affected | Not affected | Not affected |
firefox-esr | — | — | Not in release | Not in release | Not in release |
mozjs38 | — | — | Not in release | Not affected | Not in release |
mozjs52 | — | — | Not affected | Not affected | Not in release |
mozjs60 | — | — | Not in release | Not in release | Not in release |
mozjs68 | — | — | Not affected | Not in release | Not in release |
thunderbird | — | — | Not affected | Not affected | Not affected |