Lucene search

[email protected]NVD:CVE-2024-3854

HistoryApr 16, 2024 - 4:15 p.m.

CVE-2024-3854

2024-04-1616:15:08

CWE-125

[email protected]

web.nvd.nist.gov

firefox

thunderbird

out-of-bounds-reads

vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

5.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.5%

JSON

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

References

bugzilla.mozilla.org/show_bug.cgi?id=1884552

lists.debian.org/debian-lts-announce/2024/04/msg00012.html

lists.debian.org/debian-lts-announce/2024/04/msg00013.html

www.mozilla.org/security/advisories/mfsa2024-18/

www.mozilla.org/security/advisories/mfsa2024-19/

www.mozilla.org/security/advisories/mfsa2024-20/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

5.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for NVD:CVE-2024-3854

vulnrichment1 debiancve1 cgr1 cve1 redhatcve1 cvelist1 ubuntucve1 veracode1 oraclelinux3 osv13 nessus51 rocky2 almalinux2 redhat18 openvas22 debian4 ubuntu3 mageia2 mozilla3 slackware1 kaspersky3 gentoo1