On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
References
Configurations
No configuration.
History
21 Nov 2024, 09:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1874489 - | |
References | () https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html - | |
References | () https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html - | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-18/ - | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-19/ - | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-20/ - |
03 Jul 2024, 02:06
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CWE | CWE-125 CWE-190 |
22 Apr 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Apr 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. |
19 Apr 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Apr 2024, 12:48
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Apr 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-16 16:15
Updated : 2024-11-21 09:30
NVD link : CVE-2024-3859
Mitre link : CVE-2024-3859
CVE.ORG link : CVE-2024-3859
JSON object : View
Products Affected
No product.