Memory Safety Bugs Affecting Firefox and Thunderbird
CVE-2024-10467
8.8 HIGH
Key Information:
- Vendor: Mozilla
- CVE Published: 29 October 2024
Summary
This vulnerability arises from memory safety bugs present in specific versions of Firefox and Thunderbird. The identified bugs show evidence of memory corruption, which indicates that they could be exploited to execute arbitrary code. The affected versions, including Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3, expose users to risk until they are updated to the releases that fix these bugs. Users are strongly advised to upgrade to Firefox 132, Firefox ESR 128.4, or Thunderbird 132 to mitigate the risk.
Affected Version(s)
Firefox < 132
Firefox ESR < 128.4
Thunderbird < 128.4
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Andrew McCreight, the Mozilla Fuzzing Team