Lucene search

K

[email protected]NVD:CVE-2024-5700

HistoryJun 11, 2024 - 1:15 p.m.

CVE-2024-5700

2024-06-1113:15:51

CWE-786

CWE-788

[email protected]

web.nvd.nist.gov

9

firefox

thunderbird

memory safety

vulnerability

code execution

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0

Percentile

10.3%

Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

References

bugzilla.mozilla.org/buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123

lists.debian.org/debian-lts-announce/2024/06/msg00000.html

lists.debian.org/debian-lts-announce/2024/06/msg00010.html

www.mozilla.org/security/advisories/mfsa2024-25/

www.mozilla.org/security/advisories/mfsa2024-26/

www.mozilla.org/security/advisories/mfsa2024-28/

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0

Percentile

10.3%

Related for NVD:CVE-2024-5700

osv22 cvelist1 wolfi1 vulnrichment1 alpinelinux1 redhatcve1 cve1 debiancve1 nessus57 amazon1 ubuntucve1 oraclelinux6 openvas21 redhat18 ubuntu2 mageia2 rocky4 almalinux4 debian1 kaspersky3 mozilla3 slackware1 gentoo1