Search CVE reports
931 – 940 of 2385 results
Some fixes available 6 of 7
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the...
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | Fixed | Fixed | Fixed |
Some fixes available 12 of 32
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by...
3 affected packages
thunderbird, node-matrix-js-sdk, olm
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
| node-matrix-js-sdk | Not in release | Needs evaluation | Needs evaluation | Ignored | — |
| olm | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 2 of 3
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3,...
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Not affected | Not in release | Not affected |
| thunderbird | — | — | Not affected | Fixed | Fixed |
Some fixes available 2 of 3
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Not affected | Not in release | Not affected |
| thunderbird | — | — | Not affected | Fixed | Fixed |
The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that...
6 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
Some fixes available 17 of 27
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | — | Not in release | Not in release | Not in release | Not in release |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 17 of 27
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | — | Not in release | Not in release | Not in release | Not in release |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 17 of 27
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | — | Not in release | Not in release | Not in release | Not in release |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 17 of 27
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
7 affected packages
firefox, firefox-esr, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | — | Not in release | Not in release | Not in release | Not in release |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |