Search CVE reports

121 – 130 of 2874 results

Detailed view

Sort by:

CVE-2025-3032

Medium priority

Needs evaluation

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3031

Medium priority

Needs evaluation

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3030

Medium priority

Some fixes available 1 of 12

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3029

Medium priority

Some fixes available 1 of 12

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3028

Medium priority

Some fixes available 1 of 12

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

9 affected packages

mozjs78, firefox, thunderbird, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs78	Not in release	Ignored	Not in release	—
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2024-8176

Medium priority

Some fixes available 5 of 83

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to...

23 affected packages

cadaver, apache2, apr-util, cmake, ghostscript...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vnc4	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
gdcm	Not affected	Not affected	Not affected	Needs evaluation
ayttm	Not in release	Not in release	Not in release	—
cableswig	Not in release	Not in release	Not in release	—
coin3	Not affected	Not affected	Not affected	Needs evaluation
matanza	Ignored	Ignored	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vtk	Not in release	Not in release	Not in release	—
smart	Not in release	Not in release	Not in release	Needs evaluation
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
libxmltok	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Ignored	Ignored

CVE-2025-27426

Medium priority

Not affected

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136.

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-27425

Medium priority

Not affected

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136.

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-27424

Medium priority

Not affected

Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136.

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-1943

Medium priority

Some fixes available 1 of 12

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
firefox	Not affected	Not affected	Fixed	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

Export to JSON

Results by page: