Search CVE reports

191 – 200 of 349 results

Detailed view

Sort by:

CVE-2024-3302

Medium priority

Some fixes available 4 of 13

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Fixed	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-31393

Medium priority

Not affected

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Not affected
mozjs52	Not in release	Not in release	Not affected	Not affected
mozjs68	Not in release	Not in release	Not affected	—
mozjs78	Not in release	Not affected	Not in release	—
mozjs91	Not in release	Not affected	Not in release	—
mozjs102	Not affected	Not affected	Not in release	—

CVE-2024-31392

Medium priority

Not affected

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.

8 affected packages

thunderbird, firefox, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Not affected	Not in release	—
firefox	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Not affected
mozjs52	Not in release	Not in release	Not affected	Not affected
mozjs68	Not in release	Not in release	Not affected	—
mozjs78	Not in release	Not affected	Not in release	—
mozjs91	Not in release	Not affected	Not in release	—
mozjs102	Not affected	Not affected	Not in release	—

CVE-2024-29944

Medium priority

Some fixes available 1 of 11

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile...

8 affected packages

thunderbird, firefox, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Not affected	Not in release	—
firefox	Not affected	Not affected	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-29943

Medium priority

Some fixes available 1 of 11

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-2616

Medium priority

Some fixes available 3 of 12

To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-2615

Medium priority

Some fixes available 1 of 11

Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

8 affected packages

thunderbird, mozjs91, firefox, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Not affected	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
firefox	Not affected	Not affected	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-2614

Medium priority

Some fixes available 4 of 13

Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Fixed	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-2613

Medium priority

Some fixes available 1 of 11

Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.

8 affected packages

thunderbird, firefox, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Not affected	Not in release	—
firefox	Not affected	Not affected	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

CVE-2024-2612

Medium priority

Some fixes available 4 of 13

If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR <...

8 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Fixed	Fixed	—
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—

Export to JSON

Results by page: