Search CVE reports
21 – 30 of 2665 results
CVE-2024-8385
Medium prioritySome fixes available 1 of 10
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-8384
Medium prioritySome fixes available 3 of 12
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130,...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-8383
Medium prioritySome fixes available 1 of 10
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:....
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-8382
Medium prioritySome fixes available 3 of 12
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-8381
Medium prioritySome fixes available 3 of 12
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15,...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-45492
Medium prioritySome fixes available 6 of 55
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
| cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
| matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45491
Medium prioritySome fixes available 11 of 60
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
| cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Fixed | Fixed | Fixed | Fixed | Fixed |
| matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45490
Medium prioritySome fixes available 11 of 60
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
| cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Fixed | Fixed | Fixed | Fixed | Fixed |
| matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-43113
Negligible priorityThe contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Not affected | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-43112
Negligible priorityLong pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Not affected | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |