Memory Safety Bugs Affecting Firefox and Thunderbird
CVE-2024-10467

8.8HIGH

Key Information:

Vendor

Mozilla
Status
Firefox
Firefox Esr
Thunderbird
Vendor
CVE Published:
29 October 2024

What is CVE-2024-10467?

This vulnerability arises from memory safety issues detected in specific versions of Firefox and Thunderbird. The identified bugs contain evidence of memory corruption, indicating the possibility of exploitation that could allow attackers to execute arbitrary code. The affected versions, including Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3, expose users to risks if not updated to the latest versions, which address these vulnerabilities. Users are strongly advised to upgrade to Firefox 132, Firefox ESR 128.4, or Thunderbird 132 to mitigate the potential risks associated with these vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 132

Firefox ESR < 128.4

Thunderbird < 128.4

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2...
https://www.mozilla.org/security/advisories/mfsa2024-55/
https://www.mozilla.org/security/advisories/mfsa2024-56/

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrew McCreight, the Mozilla Fuzzing Team
JSON
.