Search CVE reports
41 – 50 of 2052 results
CVE-2025-1009
Medium prioritySome fixes available 1 of 13
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2025-1020
Medium prioritySome fixes available 1 of 13
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2025-1019
Medium prioritySome fixes available 1 of 13
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2025-1018
Medium prioritySome fixes available 1 of 13
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Vulnerable | Vulnerable | — | — |
CVE-2025-1015
Medium priorityThe Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the...
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| thunderbird | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2025-0510
Medium priorityThunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.
1 affected package
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| thunderbird | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2025-23109
Medium priorityLong hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2025-23108
Medium priorityOpening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134.
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2025-0247
Medium prioritySome fixes available 1 of 11
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | — | — |
| mozjs102 | Ignored | Ignored | Not in release | — | — |
| mozjs115 | Ignored | Not in release | Not in release | — | — |
| mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
| mozjs68 | Not in release | Not in release | Ignored | — | — |
| mozjs78 | Not in release | Ignored | Not in release | — | — |
| mozjs91 | Not in release | Ignored | Not in release | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2025-0246
Negligible priorityWhen using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from...
2 affected packages
firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |