CVE-2024-8394

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

11 Sep 2024, 16:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CWE CWE-416
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1895737 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1895737 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2024-43/ - () https://www.mozilla.org/security/advisories/mfsa2024-43/ - Vendor Advisory
First Time Mozilla thunderbird
Mozilla

09 Sep 2024, 13:03

Type Values Removed Values Added
Summary
  • (es) Al interrumpir la verificación de una sesión de chat OTR, un atacante podría haber provocado un error de use-after-free que condujo a un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird &lt; 128.2.

06 Sep 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-06 17:15

Updated : 2024-09-11 16:25


NVD link : CVE-2024-8394

Mitre link : CVE-2024-8394

CVE.ORG link : CVE-2024-8394


JSON object : View

Products Affected

mozilla

  • thunderbird
CWE
CWE-416

Use After Free