Memory Safety Bugs Affect Firefox and Thunderbird
CVE-2024-8387

9.8CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 3 September 2024

Summary

Memory safety vulnerabilities have been identified in Mozilla Firefox versions 129 and ESR 128.1, as well as Thunderbird 128.1. These vulnerabilities may lead to memory corruption, creating a potential attack vector for arbitrary code execution. Users on affected versions should consider upgrading to Firefox 130, Firefox ESR 128.2, or Thunderbird 128.2 to mitigate the risk associated with these memory safety issues.

Affected Version(s)

Firefox < 130

Firefox ESR < 128.2

Thunderbird < 128.2

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2...

https://www.mozilla.org/security/advisories/mfsa2024-39/

https://www.mozilla.org/security/advisories/mfsa2024-40/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 3, 2024
Vulnerability Reserved
Sep 3, 2024

Credit

the Mozilla Fuzzing Team, Yury Delendik