Lucene search

K

[email protected]NVD:CVE-2024-5688

HistoryJun 11, 2024 - 1:15 p.m.

CVE-2024-5688

2024-06-1113:15:50

CWE-416

[email protected]

web.nvd.nist.gov

2

firefox

use-after-free

object transplant

vulnerability

firefox esr

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.3%

If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

References

bugzilla.mozilla.org/show_bug.cgi?id=1895086

lists.debian.org/debian-lts-announce/2024/06/msg00000.html

lists.debian.org/debian-lts-announce/2024/06/msg00010.html

www.mozilla.org/security/advisories/mfsa2024-25/

www.mozilla.org/security/advisories/mfsa2024-26/

www.mozilla.org/security/advisories/mfsa2024-28/

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.3%

Related for NVD:CVE-2024-5688

ubuntucve1 cvelist1 debiancve1 cve1 alpinelinux1 wolfi1 vulnrichment1 redhatcve1 osv14 nessus52 almalinux4 openvas19 oraclelinux6 redhat18 rocky4 ubuntu2 mageia2 debian1 mozilla3 kaspersky3 slackware1