Lucene search

K

[email protected]NVD:CVE-2024-3859

HistoryApr 16, 2024 - 4:15 p.m.

CVE-2024-3859

2024-04-1616:15:08

CWE-125

CWE-190

[email protected]

web.nvd.nist.gov

8

32-bit

integer-overflow

opentype

firefox

thunderbird

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

AI Score

5.4

Confidence

Low

EPSS

0

Percentile

10.3%

On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

References

bugzilla.mozilla.org/show_bug.cgi?id=1874489

lists.debian.org/debian-lts-announce/2024/04/msg00012.html

lists.debian.org/debian-lts-announce/2024/04/msg00013.html

www.mozilla.org/security/advisories/mfsa2024-18/

www.mozilla.org/security/advisories/mfsa2024-19/

www.mozilla.org/security/advisories/mfsa2024-20/

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

AI Score

5.4

Confidence

Low

EPSS

0

Percentile

10.3%

Related for NVD:CVE-2024-3859

cve1 vulnrichment1 cvelist1 ubuntucve1 debiancve1 veracode1 cgr1 osv16 redhatcve1 gentoo3 rocky2 nessus53 oraclelinux3 almalinux2 debian4 redhat18 ubuntu3 openvas22 mozilla3 mageia2 kaspersky3 slackware1 ibm1