
Published: 19/03/2024 Updated: 25/03/2024

Vulnerability Summary

To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempting to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.

Vendor Advisories

Mozilla Foundation Security Advisory 2024-14: Security Vulnerabilities fixed in Thunderbird 115.9. Announced: March 19, 2024. Impact: high. Products: Thunderbird. Fixed in: Thunderbird 115.9 ...
Mozilla Foundation Security Advisory 2024-13: Security Vulnerabilities fixed in Firefox ESR 115.9. Announced: March 19, 2024. Impact: high. Products: Firefox ESR. Fixed in: Firefox ESR 115.9 ...
`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9 (CVE-2024-2608). Using a markup in ...