Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-2614

Published: 19/03/2024 Updated: 25/03/2024

Vulnerability Summary

Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Vendor Advisories

Amazon Linux 2: ALASFIREFOX-2024-023
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write This vulnerability affects Firefox &lt; 124, Firefox ESR &lt; 1159, and Thunderbird &lt; 1159 (CVE-2024-2608) Using a markup in ...
Amazon Linux 2: ALAS-2024-2505
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write This vulnerability affects Firefox &lt; 124, Firefox ESR &lt; 1159, and Thunderbird &lt; 1159 (CVE-2024-2608) Using a markup in ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 115.9
Mozilla Foundation Security Advisory 2024-14 Security Vulnerabilities fixed in Thunderbird 1159 Announced March 19, 2024 Impact high Products Thunderbird Fixed in Thunderbird 1159 ...
Mozilla: Security Vulnerabilities fixed in Firefox ESR 115.9
Mozilla Foundation Security Advisory 2024-13 Security Vulnerabilities fixed in Firefox ESR 1159 Announced March 19, 2024 Impact high Products Firefox ESR Fixed in Firefox ESR 1159 ...
Mozilla: Security Vulnerabilities fixed in Firefox 124
Mozilla Foundation Security Advisory 2024-12 Security Vulnerabilities fixed in Firefox 124 Announced March 19, 2024 Impact high Products Firefox Fixed in Firefox 124 ...

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1685358%2C1861016%2C1880405%2C1881093https://www.mozilla.org/security/advisories/mfsa2024-12/https://www.mozilla.org/security/advisories/mfsa2024-13/https://www.mozilla.org/security/advisories/mfsa2024-14/https://lists.debian.org/debian-lts-announce/2024/03/msg00022.htmlhttps://lists.debian.org/debian-lts-announce/2024/03/msg00028.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALASFIREFOX-2024-023.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook