Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox_esr
(Mozilla)Repositories | https://github.com/libevent/libevent |
#Vulnerabilities | 1094 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-02-26 | CVE-2021-23969 | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects... | Debian_linux, Firefox, Firefox_esr, Thunderbird | 4.3 | ||
2021-02-26 | CVE-2021-23973 | When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
2021-02-26 | CVE-2021-23978 | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2019-02-04 | CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | Ubuntu_linux, Debian_linux, Xp7_command_view, Xp7_command_view_advanced_edition_suite, Libpng, Firefox_esr, Thunderbird, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Snapmanager, Steelstore, Leap, Package_hub, Hyperion_infrastructure_technology, Java_se, Jdk, Mysql, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_scientific_computing, Enterprise_linux_workstation, Satellite | 5.3 | ||
2021-02-26 | CVE-2021-23964 | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2021-03-31 | CVE-2021-23981 | A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. | Firefox, Firefox_esr, Thunderbird | 8.1 | ||
2021-03-31 | CVE-2021-23987 | Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2020-07-09 | CVE-2020-12405 | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 5.3 | ||
2020-07-09 | CVE-2020-12410 | Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | Ubuntu_linux, Firefox, Firefox_esr | 8.8 | ||
2020-07-09 | CVE-2020-12417 | Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird, Leap | 8.8 |