Search CVE reports
201 – 210 of 1943 results
CVE-2023-4863
Medium priorityHeap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
4 affected packages
chromium-browser, firefox, libwebp, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not affected | Ignored | Ignored |
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
libwebp | Fixed | Fixed | Fixed | Fixed | Not affected |
thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |
CVE-2023-4582
Negligible priorityDue to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | — | Not affected | Not affected | Ignored | Ignored |
mozjs102 | — | Not affected | Not in release | Not in release | Not in release |
mozjs38 | — | Not in release | Not in release | Not affected | Not in release |
mozjs52 | — | Not in release | Not affected | Not affected | Not in release |
mozjs68 | — | Not in release | Not affected | Not in release | Not in release |
mozjs78 | — | Not affected | Not in release | Not in release | Not in release |
mozjs91 | — | Not affected | Not in release | Not in release | Not in release |
thunderbird | — | Not affected | Not affected | Ignored | Ignored |
CVE-2023-4576
Negligible priorityOn Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | — | Ignored | Ignored | Ignored | Ignored |
mozjs102 | — | Ignored | Not in release | Not in release | Not in release |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | — | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
thunderbird | — | Ignored | Ignored | Ignored | Ignored |
CVE-2023-4585
Medium prioritySome fixes available 6 of 18
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |
CVE-2023-4584
Medium prioritySome fixes available 6 of 18
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |
CVE-2023-4583
Medium prioritySome fixes available 6 of 18
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |
CVE-2023-4581
Medium prioritySome fixes available 6 of 18
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR <...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |
CVE-2023-4580
Medium prioritySome fixes available 6 of 18
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |
CVE-2023-4579
Medium prioritySome fixes available 1 of 14
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2023-4578
Medium prioritySome fixes available 6 of 18
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have...
8 affected packages
firefox, mozjs102, mozjs38, mozjs52, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
mozjs102 | Ignored | Ignored | Not in release | Not in release | Not in release |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |