CVE-2024-10467

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

04 Nov 2024, 13:26

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706 - () https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706 - Broken Link
References () https://www.mozilla.org/security/advisories/mfsa2024-55/ - () https://www.mozilla.org/security/advisories/mfsa2024-55/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-56/ - () https://www.mozilla.org/security/advisories/mfsa2024-56/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-58/ - () https://www.mozilla.org/security/advisories/mfsa2024-58/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-59/ - () https://www.mozilla.org/security/advisories/mfsa2024-59/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Summary
  • (es) Errores de seguridad de memoria presentes en Firefox 131, Firefox ESR 128.3 y Thunderbird 128.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. Esta vulnerabilidad afecta a Firefox &lt; 132, Firefox ESR &lt; 128.4, Thunderbird &lt; 128.4 y Thunderbird &lt; 132.
First Time Mozilla
Mozilla thunderbird
Mozilla firefox
CWE CWE-787
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 8.8

29 Oct 2024, 15:35

Type Values Removed Values Added
CWE CWE-125
CWE-120
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

29 Oct 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-29 13:15

Updated : 2024-11-04 13:26


NVD link : CVE-2024-10467

Mitre link : CVE-2024-10467

CVE.ORG link : CVE-2024-10467


JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
CWE
CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-125

Out-of-bounds Read