Lucene search
FreeBSD5D7939F6-5989-11EF-9793-B42E991FC52EHistoryAug 06, 2024 - 12:00 a.m.
firefox -- multiple vulnerabilities
2024-08-0600:00:00
vuxml.freebsd.org
3
mozilla
nss
chacha20-poly1305
thunderbird
webassembly
indexeddb
use-after-free
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
Low
[email protected] reports:
CVE-2024-7531: Calling `PK11_Encrypt()` in NSS using
CKM_CHACHA20 and the same buffer for input and output can
result in plaintext on an Intel Sandy Bridge processor. In
Firefox this only affects the QUIC header protection
feature when the connection is using the ChaCha20-Poly1305
cipher suite. The most likely outcome is connection
failure, but if the connection persists despite the high
packet loss it could be possible for a network observer to
identify packets as coming from the same source despite a
network path change. This vulnerability affects Firefox
< 129, Firefox ESR < 115.14, and Firefox ESR <
128.1.
CVE-2024-7529: The date picker could partially obscure
security prompts. This could be used by a malicious site
to trick a user into granting permissions. This
vulnerability affects Firefox < 129, Firefox ESR <
115.14, Firefox ESR < 128.1, Thunderbird < 128.1,
and Thunderbird < 115.14.
CVE-2024-7525: It was possible for a web extension with
minimal permissions to create a `StreamFilter` which could
be used to read and modify the response body of requests
on any site. This vulnerability affects Firefox < 129,
Firefox ESR < 115.14, Firefox ESR < 128.1,
Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7522: Editor code failed to check an attribute
value. This could have led to an out-of-bounds read. This
vulnerability affects Firefox < 129, Firefox ESR <
115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and
Thunderbird < 115.14.
CVE-2024-7520: A type confusion bug in WebAssembly could
be leveraged by an attacker to potentially achieve code
execution. This vulnerability affects Firefox < 129,
Firefox ESR < 128.1, and Thunderbird < 128.1.
CVE-2024-7521: Incomplete WebAssembly exception handing
could have led to a use-after-free. This vulnerability
affects Firefox < 129, Firefox ESR < 115.14,
Firefox ESR < 128.1, Thunderbird < 128.1, and
Thunderbird < 115.14.
CVE-2024-7530: Incorrect garbage collection interaction
could have led to a use-after-free. This vulnerability
affects Firefox < 129.
CVE-2024-7528: Incorrect garbage collection interaction in
IndexedDB could have led to a use-after-free. This
vulnerability affects Firefox < 129,
Firefox ESR < 128.1, and Thunderbird < 128.1.
CVE-2024-7527: Unexpected marking work at the start of
sweeping could have led to a use-after-free. This
vulnerability affects Firefox < 129,
Firefox ESR < 115.14, Firefox ESR < 128.1,
Thunderbird < 128.1, and Thunderbird < 115.14.
References
nvd.nist.gov/vuln/detail/CVE-2024-7520
nvd.nist.gov/vuln/detail/CVE-2024-7521
nvd.nist.gov/vuln/detail/CVE-2024-7522
nvd.nist.gov/vuln/detail/CVE-2024-7525
nvd.nist.gov/vuln/detail/CVE-2024-7527
nvd.nist.gov/vuln/detail/CVE-2024-7528
nvd.nist.gov/vuln/detail/CVE-2024-7529
nvd.nist.gov/vuln/detail/CVE-2024-7530
nvd.nist.gov/vuln/detail/CVE-2024-7531
Related
nessus
nessus
FreeBSD : firefox -- multiple vulnerabilities (5d7939f6-5989-11ef-9793-b42e991fc52e)
2024-08-14 00:00:00
Ubuntu 20.04 LTS : Firefox regressions (USN-6966-2)
2024-08-21 00:00:00
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6966-1)
2024-08-19 00:00:00
osv
osv
firefox regressions
2024-08-21 00:20:05
firefox vulnerabilities
2024-08-19 03:36:06
Important: thunderbird security update
2024-08-14 00:00:00
openvas
openvas
Mozilla Firefox Security Update (mfsa_2024-33) - Mac OS X
2024-08-29 00:00:00
Ubuntu: Security Advisory (USN-6966-2)
2024-08-21 00:00:00
Mozilla Firefox Security Update (mfsa_2024-33) - Windows
2024-08-29 00:00:00
ubuntu
ubuntu
Firefox regressions
2024-08-21 00:00:00
Firefox vulnerabilities
2024-08-19 00:00:00
Thunderbird vulnerabilities
2024-09-09 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 128.1 — Mozilla
2024-08-06 00:00:00
Security Vulnerabilities fixed in Firefox ESR 128.1 — Mozilla
2024-08-06 00:00:00
Security Vulnerabilities fixed in Firefox 129 — Mozilla
2024-08-06 00:00:00
redhat
redhat
(RHSA-2024:5527) Important: thunderbird security update
2024-08-19 00:59:41
(RHSA-2024:5325) Important: firefox security update
2024-08-13 16:11:35
(RHSA-2024:5328) Important: firefox security update
2024-08-13 16:11:53
kaspersky
kaspersky
KLA71399 Multiple vulnerabilities in Mozilla Firefox ESR
2024-08-06 00:00:00
KLA71401 Multiple vulnerabilities in Mozilla Thunderbird
2024-08-06 00:00:00
KLA71397 Multiple vulnerabilities in Mozilla Firefox
2024-08-06 00:00:00
almalinux
almalinux
Important: thunderbird security update
2024-08-14 00:00:00
Important: thunderbird security update
2024-08-14 00:00:00
Important: firefox security update
2024-08-15 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2024-08-14 00:00:00
thunderbird security update
2024-08-14 00:00:00
firefox security update
2024-08-14 00:00:00
redos
redos
ROS-20240828-03
2024-08-28 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2024-08-07 04:09:07
amazon
amazon
Important: thunderbird
2024-08-28 19:04:00
alpinelinux
alpinelinux
nvd
nvd
debiancve
debiancve
cvelist
cvelist
wolfi
wolfi
CVE-2024-7530 vulnerabilities
2024-09-19 09:11:50
CVE-2024-7531 vulnerabilities
2024-09-19 09:11:50
CVE-2024-7527 vulnerabilities
2024-09-19 09:11:50
ubuntucve
ubuntucve
vulnrichment
vulnrichment
redhatcve
redhatcve
cve
cve
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
Low
Related for 5D7939F6-5989-11EF-9793-B42E991FC52E