Search CVE reports
771 – 780 of 1943 results
CVE-2019-9790
Medium prioritySome fixes available 30 of 40
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-9788
Negligible prioritySome fixes available 30 of 40
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-5798
Medium priorityLack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
2 affected packages
chromium-browser, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| thunderbird | — | — | — | Fixed | Fixed |
CVE-2018-18499
Medium prioritySome fixes available 29 of 39
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy...
6 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-1988
Medium priorityIn sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is...
7 affected packages
chromium-browser, firefox, mozjs38, mozjs52, mozjs60...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Not affected | Not affected |
| firefox | — | — | — | Not affected | Not affected |
| mozjs38 | — | — | — | Not affected | Not in release |
| mozjs52 | — | — | — | Not affected | Not in release |
| mozjs60 | — | — | — | Not in release | Not in release |
| qtwebengine-opensource-src | — | — | — | Not affected | Not in release |
| thunderbird | — | — | — | Not affected | Not affected |
CVE-2019-1987
Medium priorityIn onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...
7 affected packages
chromium-browser, firefox, mozjs38, mozjs52, mozjs60...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Not affected | Not affected |
| firefox | — | — | — | Not affected | Not affected |
| mozjs38 | — | — | — | Not affected | Not in release |
| mozjs52 | — | — | — | Not affected | Not in release |
| mozjs60 | — | — | — | Not in release | Not in release |
| qtwebengine-opensource-src | — | — | — | Not affected | Not in release |
| thunderbird | — | — | — | Not affected | Not affected |
CVE-2019-1986
Medium priorityIn SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges...
7 affected packages
chromium-browser, firefox, mozjs38, mozjs52, mozjs60...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Not affected | Not affected |
| firefox | — | — | — | Not affected | Not affected |
| mozjs38 | — | — | — | Not affected | Not in release |
| mozjs52 | — | — | — | Not affected | Not in release |
| mozjs60 | — | — | — | Not in release | Not in release |
| qtwebengine-opensource-src | — | — | — | Not affected | Not in release |
| thunderbird | — | — | — | Not affected | Not affected |
CVE-2019-5785
Medium prioritySome fixes available 30 of 40
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs60...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | Not in release | Not in release | Not in release | Not in release | Not in release |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| skia | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-7317
Medium prioritySome fixes available 35 of 38
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
8 affected packages
firefox, libpng, libpng1.6, openjdk-12, openjdk-8...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| libpng | Not in release | Not in release | Not in release | Not in release | Not affected |
| libpng1.6 | Not affected | Not affected | Not affected | Fixed | Vulnerable |
| openjdk-12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-8 | Not affected | Not affected | Not affected | Fixed | Fixed |
| openjdk-9 | Not in release | Not in release | Not in release | Not in release | Ignored |
| openjdk-lts | Not affected | Not affected | Not affected | Fixed | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2018-18506
Medium prioritySome fixes available 30 of 40
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |