Data Race Vulnerability in Firefox < 133
CVE-2024-11708

Currently unrated

Key Information:

Vendor
Mozilla
Status
Firefox
Thunderbird
Vendor
CVE Published:
26 November 2024

Summary

A vulnerability has been identified in Mozilla Firefox and Thunderbird caused by missing thread synchronization primitives. This issue can lead to a data race condition on members of the PlaybackParams structure, potentially compromising data integrity during operational processing. Users of Firefox versions earlier than 133 and Thunderbird versions earlier than 133 are advised to update to mitigate associated risks.

Affected Version(s)

Firefox < 133

Thunderbird < 133

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1922912
https://www.mozilla.org/security/advisories/mfsa2024-63/
https://www.mozilla.org/security/advisories/mfsa2024-67/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Serban Stanca
.