Search CVE reports
251 – 260 of 2652 results
CVE-2023-28163
Medium priorityWhen downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Not affected | Not in release |
| mozjs52 | — | Not in release | Not affected | Not affected | Not in release |
| mozjs68 | — | Not in release | Not affected | Not in release | Not in release |
| mozjs78 | — | Not affected | Not in release | Not in release | Not in release |
| mozjs91 | — | Not affected | Not in release | Not in release | Not in release |
| thunderbird | — | Vulnerable | Vulnerable | Ignored | Ignored |
CVE-2023-28159
Medium priorityThe fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Not affected | Not in release |
| mozjs52 | — | Not in release | Not affected | Not affected | Not in release |
| mozjs68 | — | Not in release | Not affected | Not in release | Not in release |
| mozjs78 | — | Not affected | Not in release | Not in release | Not in release |
| mozjs91 | — | Not affected | Not in release | Not in release | Not in release |
| thunderbird | — | Vulnerable | Vulnerable | Ignored | Ignored |
CVE-2023-25749
Medium priorityAndroid applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Not affected | Not in release |
| mozjs52 | — | Not in release | Not affected | Not affected | Not in release |
| mozjs68 | — | Not in release | Not affected | Not in release | Not in release |
| mozjs78 | — | Not affected | Not in release | Not in release | Not in release |
| mozjs91 | — | Not affected | Not in release | Not in release | Not in release |
| thunderbird | — | Vulnerable | Vulnerable | Ignored | Ignored |
CVE-2023-25748
Medium priorityBy displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Not affected | Ignored |
| mozjs38 | — | Not in release | Not in release | Not affected | Not in release |
| mozjs52 | — | Not in release | Not affected | Not affected | Not in release |
| mozjs68 | — | Not in release | Not affected | Not in release | Not in release |
| mozjs78 | — | Not affected | Not in release | Not in release | Not in release |
| mozjs91 | — | Not affected | Not in release | Not in release | Not in release |
| thunderbird | — | Vulnerable | Vulnerable | Ignored | Ignored |
CVE-2023-25743
Medium priorityA lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability...
1 affected packages
firefox
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Ignored | Ignored |
CVE-2023-25740
Medium priorityAfter downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak...
1 affected packages
firefox
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Ignored | Ignored |
CVE-2023-25738
Medium priorityMembers of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related...
1 affected packages
firefox
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Ignored | Ignored |
CVE-2023-25734
Medium priorityAfter downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak...
1 affected packages
firefox
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Ignored | Ignored |
CVE-2023-23600
Medium priorityPer origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during...
1 affected packages
firefox
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Ignored | Ignored |
CVE-2023-32216
Medium prioritySome fixes available 2 of 11
Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |