Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009 | Broken Link |
https://www.mozilla.org/security/advisories/mfsa2024-39/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2024-40/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2024-43/ |
Configurations
Configuration 1 (hide)
|
History
06 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. |
04 Sep 2024, 15:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009 - Broken Link | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-39/ - Vendor Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-40/ - Vendor Advisory | |
Summary |
|
|
CWE | CWE-787 | |
CPE | cpe:2.3:a:mozilla:thunderbird:128.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:128.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:129.0:*:*:*:*:*:*:* |
|
First Time |
Mozilla
Mozilla firefox Esr Mozilla thunderbird Mozilla firefox |
03 Sep 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
03 Sep 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 13:15
Updated : 2024-09-06 17:15
NVD link : CVE-2024-8387
Mitre link : CVE-2024-8387
CVE.ORG link : CVE-2024-8387
JSON object : View
Products Affected
mozilla
- firefox
- thunderbird
- firefox_esr