Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-3861HistoryApr 16, 2024 - 4:15 p.m.
CVE-2024-3861
2024-04-1616:15:08
Debian Security Bug Tracker
security-tracker.debian.org
14
alignedbuffer
reference count
use-after-free
firefox
vulnerability
unix
4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.5%
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 125.0.1-1 | firefox_125.0.1-1_all.deb |
| Debian | 12 | all | firefox-esr | < 115.10.0esr-1~deb12u1 | firefox-esr_115.10.0esr-1~deb12u1_all.deb |
| Debian | 11 | all | firefox-esr | < 115.10.0esr-1~deb11u1 | firefox-esr_115.10.0esr-1~deb11u1_all.deb |
| Debian | 999 | all | firefox-esr | < 115.10.0esr-1 | firefox-esr_115.10.0esr-1_all.deb |
| Debian | 13 | all | firefox-esr | < 115.10.0esr-1 | firefox-esr_115.10.0esr-1_all.deb |
| Debian | 12 | all | thunderbird | < 1:115.10.1-1~deb12u1 | thunderbird_1:115.10.1-1~deb12u1_all.deb |
| Debian | 11 | all | thunderbird | < 1:115.10.1-1~deb11u1 | thunderbird_1:115.10.1-1~deb11u1_all.deb |
| Debian | 999 | all | thunderbird | < 1:115.10.1-1 | thunderbird_1:115.10.1-1_all.deb |
| Debian | 13 | all | thunderbird | < 1:115.10.1-1 | thunderbird_1:115.10.1-1_all.deb |
Related
cvelist
cvelist
CVE-2024-3861
2024-04-16 15:14:08
cgr
cgr
CVE-2024-3861 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Use-After-Free
2024-04-19 01:20:50
ubuntucve
ubuntucve
CVE-2024-3861
2024-04-16 00:00:00
vulnrichment
vulnrichment
CVE-2024-3861
2024-04-16 15:14:08
redhatcve
redhatcve
CVE-2024-3861
2024-04-18 10:00:18
cve
cve
CVE-2024-3861
2024-04-16 16:15:08
nvd
nvd
CVE-2024-3861
2024-04-16 16:15:08
rocky
rocky
firefox security update
2024-05-06 13:04:21
firefox security update
2024-05-10 14:32:42
nessus
nessus
Amazon Linux 2 : firefox (ALASFIREFOX-2024-024)
2024-04-30 00:00:00
Oracle Linux 9 : firefox (ELSA-2024-1908)
2024-04-19 00:00:00
Oracle Linux 8 : firefox (ELSA-2024-1912)
2024-04-20 00:00:00
oraclelinux
oraclelinux
firefox security update
2024-04-19 00:00:00
firefox security update
2024-04-19 00:00:00
firefox security update
2024-04-18 00:00:00
osv
osv
Important: firefox security update
2024-04-18 00:00:00
Important: firefox security update
2024-05-06 13:04:21
Important: firefox security update
2024-05-10 14:32:42
almalinux
almalinux
Important: firefox security update
2024-04-18 00:00:00
Important: firefox security update
2024-04-18 00:00:00
redhat
redhat
(RHSA-2024:1909) Important: firefox security update
2024-04-18 09:05:52
(RHSA-2024:1941) Low: thunderbird security update
2024-04-22 08:00:42
(RHSA-2024:1940) Low: thunderbird security update
2024-04-22 08:00:35
debian
debian
[SECURITY] [DSA 5663-1] firefox-esr security update
2024-04-17 17:21:09
[SECURITY] [DSA 5670-1] thunderbird security update
2024-04-22 07:42:03
[SECURITY] [DLA 3790-1] firefox-esr security update
2024-04-19 10:39:37
openvas
openvas
Debian: Security Advisory (DSA-5670-1)
2024-04-22 00:00:00
Debian: Security Advisory (DLA-3791-1)
2024-04-22 00:00:00
Debian: Security Advisory (DSA-5663-1)
2024-04-18 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2024-04-25 00:00:00
Firefox vulnerabilities
2024-04-24 00:00:00
Firefox regressions
2024-05-02 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 115.10 — Mozilla
2024-04-16 00:00:00
Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla
2024-04-16 00:00:00
Security Vulnerabilities fixed in Firefox 125 — Mozilla
2024-04-16 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2024-04-27 03:37:18
Updated firefox packages fix security vulnerabilities
2024-04-27 09:26:16
slackware
slackware
[slackware-security] mozilla-firefox
2024-04-16 18:53:34
kaspersky
kaspersky
KLA65693 Multiple vulnerabilities in Mozilla Thunderbird
2024-04-16 00:00:00
KLA65640 Multiple vulnerabilities in Mozilla Firefox ESR
2024-04-16 00:00:00
KLA65639 Multiple vulnerabilities in Mozilla Firefox
2024-04-16 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2024-05-12 00:00:00
4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.5%
Related for DEBIANCVE:CVE-2024-3861