Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of
these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary
code. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap starting with Ubuntu 24.04, the thunderbird package is just a script that installs the Thunderbird snap |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | firefox | < 128.0+build2-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |
bugzilla.mozilla.org/buglist.cgi?bug_id=1892875%2C1894428%2C1898364
launchpad.net/bugs/cve/CVE-2024-6615
nvd.nist.gov/vuln/detail/CVE-2024-6615
security-tracker.debian.org/tracker/CVE-2024-6615
ubuntu.com/security/notices/USN-6890-1
www.cve.org/CVERecord?id=CVE-2024-6615
www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6615
www.mozilla.org/security/advisories/mfsa2024-29/