Search CVE reports
261 – 270 of 2489 results
Some fixes available 4 of 9
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
3 affected packages
firefox, libvpx, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| libvpx | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| thunderbird | Not affected | Not affected | Vulnerable | — | — |
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| mozjs102 | Not in release | Ignored | Ignored | — | — |
| mozjs115 | Not in release | Ignored | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | — | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | — | — |
| mozjs91 | Not in release | Not in release | Ignored | — | — |
| thunderbird | Not affected | Not affected | Vulnerable | — | — |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API...
5 affected packages
chromium-browser, firefox, libpng, libpng1.6, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | — | — |
| firefox | Not affected | Not affected | Not affected | — | — |
| libpng | Not in release | Not in release | Not in release | — | — |
| libpng1.6 | Fixed | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Not affected | Not affected | Not affected | — | — |
Some fixes available 12 of 73
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Not affected | Fixed | Fixed | Fixed | Fixed |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a...
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | Not affected | Fixed | — | — |
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | — | — |
| thunderbird | — | Not affected | Not affected | — | — |
Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Not affected | Not affected | — | — |
| thunderbird | — | Not affected | Not affected | — | — |
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
5 affected packages
chromium-browser, firefox, libpng, libpng1.6, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | Not affected | Not affected | — | — |
| firefox | — | Not affected | Not affected | — | — |
| libpng | — | Not in release | Not in release | — | — |
| libpng1.6 | — | Fixed | Not affected | Not affected | Not affected |
| thunderbird | — | Not affected | Not affected | — | — |
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high...
5 affected packages
chromium-browser, firefox, libpng, libpng1.6, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | Not affected | Not affected | — | — |
| firefox | — | Not affected | Not affected | — | — |
| libpng | — | Not in release | Not in release | — | — |
| libpng1.6 | — | Fixed | Not affected | Not affected | Not affected |
| thunderbird | — | Not affected | Not affected | — | — |
Some fixes available 1 of 81
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |