CVE-2024-7519

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:128.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:128.0.1:*:*:*:*:*:*:*

History

12 Aug 2024, 16:04

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1902307 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1902307 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2024-33/ - () https://www.mozilla.org/security/advisories/mfsa2024-33/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-34/ - () https://www.mozilla.org/security/advisories/mfsa2024-34/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-35/ - () https://www.mozilla.org/security/advisories/mfsa2024-35/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-37/ - () https://www.mozilla.org/security/advisories/mfsa2024-37/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-38/ - () https://www.mozilla.org/security/advisories/mfsa2024-38/ - Vendor Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 9.6
CPE cpe:2.3:a:mozilla:firefox_esr:128.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:128.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
First Time Mozilla
Mozilla firefox Esr
Mozilla thunderbird
Mozilla firefox

07 Aug 2024, 21:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
Summary
  • (es) Las comprobaciones insuficientes al procesar la memoria compartida de gráficos podrían haber provocado daños en la memoria. Un atacante podría aprovechar esto para realizar un escape de la zona de pruebas. Esta vulnerabilidad afecta a Firefox &lt; 129, Firefox ESR &lt; 115.14, Firefox ESR &lt; 128.1, Thunderbird &lt; 128.1 y Thunderbird &lt; 115.14.
CWE CWE-787

06 Aug 2024, 23:15

Type Values Removed Values Added
Summary (en) Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. (en) Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
References
  • () https://www.mozilla.org/security/advisories/mfsa2024-37/ -
  • () https://www.mozilla.org/security/advisories/mfsa2024-38/ -

06 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 13:15

Updated : 2024-08-12 16:04


NVD link : CVE-2024-7519

Mitre link : CVE-2024-7519

CVE.ORG link : CVE-2024-7519


JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
  • firefox_esr
CWE
CWE-787

Out-of-bounds Write