Vulnerability-Lookup

CVE-2024-2612 (GCVE-0-2024-2612)

Vulnerability from cvelistv5 – Published: 2024-03-19 12:02 – Updated: 2025-02-13 17:41

Summary

If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Self referencing object could have potentially led to a use-after-free

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1879444
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://lists.debian.org/debian-lts-announce/2024…
https://lists.debian.org/debian-lts-announce/2024…

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 124 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 115.9 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.9 (custom)

Credits

Ronald Crane

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:18:47.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "124",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox_esr",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thunderbird",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-2612",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-21T16:02:53.082858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T17:15:53.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "124",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ronald Crane"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If an attacker could find a way to trigger a particular code path in \u003ccode\u003eSafeRefPtr\u003c/code\u003e, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
            }
          ],
          "value": "If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Self referencing object could have potentially led to a use-after-free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T17:06:09.532Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-2612",
    "datePublished": "2024-03-19T12:02:56.196Z",
    "dateReserved": "2024-03-18T16:22:33.156Z",
    "dateUpdated": "2025-02-13T17:41:02.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-2612",
      "date": "2026-05-22",
      "epss": "0.01767",
      "percentile": "0.82875"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.\"}, {\"lang\": \"es\", \"value\": \"Si un atacante pudiera encontrar una manera de activar una ruta de c\\u00f3digo particular en `SafeRefPtr`, podr\\u00eda haber provocado un bloqueo o potencialmente aprovecharse para lograr la ejecuci\\u00f3n del c\\u00f3digo. Esta vulnerabilidad afecta a Firefox \u0026lt; 124, Firefox ESR \u0026lt; 115.9 y Thunderbird \u0026lt; 115.9.\"}]",
      "id": "CVE-2024-2612",
      "lastModified": "2024-11-21T09:10:07.573",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}]}",
      "published": "2024-03-19T12:15:09.063",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1879444\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-12/\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-13/\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-14/\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1879444\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-12/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-13/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-14/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-2612\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2024-03-19T12:15:09.063\",\"lastModified\":\"2025-07-17T13:35:05.670\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.\"},{\"lang\":\"es\",\"value\":\"Si un atacante pudiera encontrar una manera de activar una ruta de c\u00f3digo particular en `SafeRefPtr`, podr\u00eda haber provocado un bloqueo o potencialmente aprovecharse para lograr la ejecuci\u00f3n del c\u00f3digo. Esta vulnerabilidad afecta a Firefox \u0026lt; 124, Firefox ESR \u0026lt; 115.9 y Thunderbird \u0026lt; 115.9.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"115.9\",\"matchCriteriaId\":\"F478A19C-8B4B-4C2B-8668-6349673DDBC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"124.0\",\"matchCriteriaId\":\"AA5A5703-41D3-40FB-835D-19DDCAFF384B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"115.9\",\"matchCriteriaId\":\"9BD0BBCA-24E5-400C-AFDF-F83277B485A4\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1879444\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-12/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-13/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-14/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1879444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-12/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-13/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-14/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1879444\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-12/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-13/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-14/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T19:18:47.923Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2612\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-21T16:02:53.082858Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\"], \"vendor\": \"mozilla\", \"product\": \"firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"124\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\"], \"vendor\": \"mozilla\", \"product\": \"firefox_esr\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"115.9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\"], \"vendor\": \"mozilla\", \"product\": \"thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"115.9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-12T17:13:05.408Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Ronald Crane\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"124\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.9\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.9\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1879444\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-12/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-13/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-14/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"If an attacker could find a way to trigger a particular code path in \u003ccode\u003eSafeRefPtr\u003c/code\u003e, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Self referencing object could have potentially led to a use-after-free\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-03-25T17:06:09.532Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-2612\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:41:02.934Z\", \"dateReserved\": \"2024-03-18T16:22:33.156Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2024-03-19T12:02:56.196Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0234

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.9
Mozilla	Firefox	Firefox versions antérieures à 124
Mozilla	Thunderbird	Thunderbird versions antérieures à 115.9

References

Title

Publication Time

CERTFR-2024-AVI-0234

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.9
Mozilla	Firefox	Firefox versions antérieures à 124
Mozilla	Thunderbird	Thunderbird versions antérieures à 115.9

References

Title

Publication Time

alsa-2024:1484

Vulnerability from osv_almalinux

Published

2024-03-25 00:00

Modified

2024-04-03 14:52

Summary

Critical: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

nss: timing attack against RSA decryption (CVE-2023-5388)
Mozilla: Crash in NSS TLS method (CVE-2024-0743)
Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)
Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1484	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5388	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0743	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2607	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2608	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2610	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2611	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2612	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2614	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2616	REPORT
	https://access.redhat.com/security/cve/CVE-2024-29944	REPORT
	https://bugzilla.redhat.com/2243644	REPORT
	https://bugzilla.redhat.com/2260012	REPORT
	https://bugzilla.redhat.com/2270660	REPORT
	https://bugzilla.redhat.com/2270661	REPORT
	https://bugzilla.redhat.com/2270662	REPORT
	https://bugzilla.redhat.com/2270663	REPORT
	https://bugzilla.redhat.com/2270664	REPORT
	https://bugzilla.redhat.com/2270665	REPORT
	https://bugzilla.redhat.com/2270666	REPORT
	https://bugzilla.redhat.com/2271064	REPORT
	https://errata.almalinux.org/8/ALSA-2024-1484.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.1-1.el8_9.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.9.1 ESR.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)\n* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)\n* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)\n* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1484",
  "modified": "2024-04-03T14:52:34Z",
  "published": "2024-03-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1484"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2607"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2612"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2614"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2616"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-29944"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2243644"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2260012"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270660"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270661"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270662"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270663"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270664"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270665"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270666"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2271064"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-1484.html"
    }
  ],
  "related": [
    "CVE-2023-5388",
    "CVE-2024-0743",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2616",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2614",
    "CVE-2024-29944"
  ],
  "summary": "Critical: firefox security update"
}

alsa-2024:1485

Vulnerability from osv_almalinux

Published

2024-03-25 00:00

Modified

2024-04-03 14:53

Summary

Critical: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

nss: timing attack against RSA decryption (CVE-2023-5388)
Mozilla: Crash in NSS TLS method (CVE-2024-0743)
Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)
Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1485	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5388	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0743	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2607	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2608	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2610	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2611	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2612	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2614	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2616	REPORT
	https://access.redhat.com/security/cve/CVE-2024-29944	REPORT
	https://bugzilla.redhat.com/2243644	REPORT
	https://bugzilla.redhat.com/2260012	REPORT
	https://bugzilla.redhat.com/2270660	REPORT
	https://bugzilla.redhat.com/2270661	REPORT
	https://bugzilla.redhat.com/2270662	REPORT
	https://bugzilla.redhat.com/2270663	REPORT
	https://bugzilla.redhat.com/2270664	REPORT
	https://bugzilla.redhat.com/2270665	REPORT
	https://bugzilla.redhat.com/2270666	REPORT
	https://bugzilla.redhat.com/2271064	REPORT
	https://errata.almalinux.org/9/ALSA-2024-1485.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.1-1.el9_3.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.1-1.el9_3.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.9.1 ESR.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)\n* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)\n* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)\n* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1485",
  "modified": "2024-04-03T14:53:57Z",
  "published": "2024-03-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1485"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2607"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2612"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2614"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2616"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-29944"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2243644"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2260012"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270660"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270661"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270662"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270663"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270664"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270665"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270666"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2271064"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-1485.html"
    }
  ],
  "related": [
    "CVE-2023-5388",
    "CVE-2024-0743",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2616",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2614",
    "CVE-2024-29944"
  ],
  "summary": "Critical: firefox security update"
}

alsa-2024:1493

Vulnerability from osv_almalinux

Published

2024-03-25 00:00

Modified

2024-04-10 08:56

Summary

Moderate: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.9.0.

Security Fix(es):

nss: timing attack against RSA decryption (CVE-2023-5388)
Mozilla: Crash in NSS TLS method (CVE-2024-0743)
Mozilla: Leaking of encrypted email subjects to other conversations (CVE-2024-1936)
Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1493	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5388	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0743	REPORT
	https://access.redhat.com/security/cve/CVE-2024-1936	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2607	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2608	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2610	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2611	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2612	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2614	REPORT
	https://bugzilla.redhat.com/2243644	REPORT
	https://bugzilla.redhat.com/2260012	REPORT
	https://bugzilla.redhat.com/2268171	REPORT
	https://bugzilla.redhat.com/2270660	REPORT
	https://bugzilla.redhat.com/2270661	REPORT
	https://bugzilla.redhat.com/2270663	REPORT
	https://bugzilla.redhat.com/2270664	REPORT
	https://bugzilla.redhat.com/2270665	REPORT
	https://bugzilla.redhat.com/2270666	REPORT
	https://errata.almalinux.org/9/ALSA-2024-1493.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.0-1.el9_3.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.9.0.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n* Mozilla: Leaking of encrypted email subjects to other conversations  (CVE-2024-1936)\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n* Mozilla: Integer overflow could have led to out of bounds write\n(CVE-2024-2608)\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage\n(CVE-2024-2610)\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally\ngranting permissions (CVE-2024-2611)\n* Mozilla: Self referencing object could have potentially led to a\nuse-after-free (CVE-2024-2612)\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9 (CVE-2024-2614)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1493",
  "modified": "2024-04-10T08:56:31Z",
  "published": "2024-03-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1493"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-1936"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2607"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2612"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2614"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2243644"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2260012"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268171"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270660"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270661"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270663"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270664"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270665"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270666"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-1493.html"
    }
  ],
  "related": [
    "CVE-2023-5388",
    "CVE-2024-0743",
    "CVE-2024-1936",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2614"
  ],
  "summary": "Moderate: thunderbird security update"
}

alsa-2024:1494

Vulnerability from osv_almalinux

Published

2024-03-25 00:00

Modified

2024-04-04 14:02

Summary

Moderate: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.9.0.

Security Fix(es):

nss: timing attack against RSA decryption (CVE-2023-5388)
Mozilla: Crash in NSS TLS method (CVE-2024-0743)
Mozilla: Leaking of encrypted email subjects to other conversations (CVE-2024-1936)
Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1494	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5388	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0743	REPORT
	https://access.redhat.com/security/cve/CVE-2024-1936	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2607	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2608	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2610	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2611	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2612	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2614	REPORT
	https://bugzilla.redhat.com/2243644	REPORT
	https://bugzilla.redhat.com/2260012	REPORT
	https://bugzilla.redhat.com/2268171	REPORT
	https://bugzilla.redhat.com/2270660	REPORT
	https://bugzilla.redhat.com/2270661	REPORT
	https://bugzilla.redhat.com/2270663	REPORT
	https://bugzilla.redhat.com/2270664	REPORT
	https://bugzilla.redhat.com/2270665	REPORT
	https://bugzilla.redhat.com/2270666	REPORT
	https://errata.almalinux.org/8/ALSA-2024-1494.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.0-1.el8_9.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.9.0.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n* Mozilla: Leaking of encrypted email subjects to other conversations  (CVE-2024-1936)\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n* Mozilla: Integer overflow could have led to out of bounds write\n(CVE-2024-2608)\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage\n(CVE-2024-2610)\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally\ngranting permissions (CVE-2024-2611)\n* Mozilla: Self referencing object could have potentially led to a\nuse-after-free (CVE-2024-2612)\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9 (CVE-2024-2614)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1494",
  "modified": "2024-04-04T14:02:37Z",
  "published": "2024-03-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1494"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-1936"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2607"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2612"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2614"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2243644"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2260012"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268171"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270660"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270661"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270663"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270664"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270665"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270666"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-1494.html"
    }
  ],
  "related": [
    "CVE-2023-5388",
    "CVE-2024-0743",
    "CVE-2024-1936",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2614"
  ],
  "summary": "Moderate: thunderbird security update"
}

CNVD-2024-14979

Vulnerability from cnvd - Published: 2024-03-29

Title

多款Mozilla产品代码执行漏洞（CNVD-2024-14979）

Description

Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox（Web浏览器）的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。多款Mozilla产品存在代码执行漏洞，该漏洞源于自引用对象可能会导致释放后重用。攻击者可利用该漏洞在系统上执行任意代码或导致拒绝服务。

Severity

高

Patch Name

多款Mozilla产品代码执行漏洞（CNVD-2024-14979）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mozilla.org/security/advisories/mfsa2024-12/
https://www.mozilla.org/security/advisories/mfsa2024-13/
https://www.mozilla.org/security/advisories/mfsa2024-14/

Reference

https://www.mozilla.org/security/advisories/mfsa2024-12/ https://www.mozilla.org/security/advisories/mfsa2024-13/ https://www.mozilla.org/security/advisories/mfsa2024-14/

Impacted products

Name
['Mozilla Firefox ESR <115.9', 'Mozilla Thunderbird <115.9', 'Mozilla Firefox <124']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-2612",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-2612"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\n\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u81ea\u5f15\u7528\u5bf9\u8c61\u53ef\u80fd\u4f1a\u5bfc\u81f4\u91ca\u653e\u540e\u91cd\u7528\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-12/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-13/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-14/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-14979",
  "openTime": "2024-03-29",
  "patchDescription": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u81ea\u5f15\u7528\u5bf9\u8c61\u53ef\u80fd\u4f1a\u5bfc\u81f4\u91ca\u653e\u540e\u91cd\u7528\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMozilla\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2024-14979\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox ESR \u003c115.9",
      "Mozilla Thunderbird \u003c115.9",
      "Mozilla Firefox \u003c124"
    ]
  },
  "referenceLink": "https://www.mozilla.org/security/advisories/mfsa2024-12/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-13/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-14/",
  "serverity": "\u9ad8",
  "submitTime": "2024-03-21",
  "title": "\u591a\u6b3eMozilla\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2024-14979\uff09"
}

FKIE_CVE-2024-2612

Vulnerability from fkie_nvd - Published: 2024-03-19 12:15 - Updated: 2025-07-17 13:35

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1879444	Issue Tracking
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html	Mailing List
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html	Mailing List
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-12/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-13/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-14/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1879444	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2024-12/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2024-13/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2024-14/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "F478A19C-8B4B-4C2B-8668-6349673DDBC2",
              "versionEndExcluding": "115.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "AA5A5703-41D3-40FB-835D-19DDCAFF384B",
              "versionEndExcluding": "124.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD0BBCA-24E5-400C-AFDF-F83277B485A4",
              "versionEndExcluding": "115.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
    },
    {
      "lang": "es",
      "value": "Si un atacante pudiera encontrar una manera de activar una ruta de c\u00f3digo particular en `SafeRefPtr`, podr\u00eda haber provocado un bloqueo o potencialmente aprovecharse para lograr la ejecuci\u00f3n del c\u00f3digo. Esta vulnerabilidad afecta a Firefox \u0026lt; 124, Firefox ESR \u0026lt; 115.9 y Thunderbird \u0026lt; 115.9."
    }
  ],
  "id": "CVE-2024-2612",
  "lastModified": "2025-07-17T13:35:05.670",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-19T12:15:09.063",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-J8F6-Q345-C99F

Vulnerability from github – Published: 2024-03-19 12:30 – Updated: 2024-08-12 21:31

Details

If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-2612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-19T12:15:09Z",
    "severity": "HIGH"
  },
  "details": "If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
  "id": "GHSA-j8f6-q345-c99f",
  "modified": "2024-08-12T21:31:31Z",
  "published": "2024-03-19T12:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2612"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-12"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-13"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-2612

Vulnerability from gsd - Updated: 2024-04-02 05:02

Details

Aliases

CVE-2024-2612

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-2612"
      ],
      "details": "If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
      "id": "GSD-2024-2612",
      "modified": "2024-04-02T05:02:53.026055Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2024-2612",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "124"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "115.9"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "115.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Ronald Crane"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Self referencing object could have potentially led to a use-after-free"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-12/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-13/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
          },
          {
            "lang": "es",
            "value": "Si un atacante pudiera encontrar una manera de activar una ruta de c\u00f3digo particular en `SafeRefPtr`, podr\u00eda haber provocado un bloqueo o potencialmente aprovecharse para lograr la ejecuci\u00f3n del c\u00f3digo. Esta vulnerabilidad afecta a Firefox \u0026lt; 124, Firefox ESR \u0026lt; 115.9 y Thunderbird \u0026lt; 115.9."
          }
        ],
        "id": "CVE-2024-2612",
        "lastModified": "2024-03-25T17:15:51.923",
        "metrics": {},
        "published": "2024-03-19T12:15:09.063",
        "references": [
          {
            "source": "security@mozilla.org",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
          }
        ],
        "sourceIdentifier": "security@mozilla.org",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-2612 (GCVE-0-2024-2612)

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature