mozjs91 (Ubuntu:22.04:LTS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Ubuntu:22.04:LTS package mozjs91, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (26)
CVE-2024-11698 — CVSS 9.8 (critical): A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal…
CVE-2024-11693 — CVSS 9.8 (critical): The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating…
CVE-2024-10004 — CVSS 9.1 (critical): Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in…
CVE-2025-1941 — CVSS 9.1 (critical): Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed…
CVE-2025-2817 — CVSS 8.8 (high): Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the…
CVE-2024-11700 — CVSS 8.1 (high): Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly…
CVE-2025-3033 — CVSS 7.7 (high): After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects…
CVE-2024-11702 — CVSS 7.5 (high): Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the…
CVE-2025-1940 — CVSS 7.1 (high): A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in…
CVE-2025-23109 — CVSS 6.5 (medium): Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was…
CVE-2025-0246 — CVSS 6.5 (medium): When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems…
CVE-2025-4086 — CVSS 6.5 (medium): A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in…
CVE-2024-9391 — CVSS 6.5 (medium): A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may…
CVE-2025-4082 — CVSS 5.9 (medium): Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could…
CVE-2025-4084 — CVSS 5.7 (medium): Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this…
CVE-2025-27426 — CVSS 5.4 (medium): Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was…
CVE-2024-53976 — CVSS 5.4 (medium): Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what…
CVE-2025-0244 — CVSS 5.3 (medium): When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating…
CVE-2024-9395 — CVSS 5.3 (medium): A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog…
CVE-2024-8388 — CVSS 5.3 (medium): Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to…
CVE-2025-4090 — CVSS 5.3 (medium): A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability…
CVE-2025-27424 — CVSS 4.3 (medium): Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was…
CVE-2025-23108 — CVSS 4.3 (medium): Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the…
CVE-2025-27425 — CVSS 4.3 (medium): Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a…
CVE-2025-1939 — CVSS 3.9 (low): Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to…
CVE-2025-0245 — CVSS 3.3 (low): Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This…