To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.
`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9 (CVE-2024-2608).
Using a markup in ...
Mozilla Foundation Security Advisory 2024-14
Security Vulnerabilities fixed in Thunderbird 115.9
Announced: March 19, 2024
Impact: high
Products: Thunderbird
Fixed in: Thunderbird 115.9
...
Mozilla Foundation Security Advisory 2024-13
Security Vulnerabilities fixed in Firefox ESR 115.9
Announced: March 19, 2024
Impact: high
Products: Firefox ESR
Fixed in: Firefox ESR 115.9
...