Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9 (CVE-2024-2608).
Using a markup in ...
Mozilla Foundation Security Advisory 2024-14
Security Vulnerabilities fixed in Thunderbird 115.9
Announced: March 19, 2024
Impact: high
Products: Thunderbird
Fixed in: Thunderbird 115.9
...
Mozilla Foundation Security Advisory 2024-13
Security Vulnerabilities fixed in Firefox ESR 115.9
Announced: March 19, 2024
Impact: high
Products: Firefox ESR
Fixed in: Firefox ESR 115.9
...
Mozilla Foundation Security Advisory 2024-12
Security Vulnerabilities fixed in Firefox 124
Announced: March 19, 2024
Impact: high
Products: Firefox
Fixed in: Firefox 124
...