CVE-2024-7519

2024-08-0613:15:57

CWE-787

[email protected]

web.nvd.nist.gov

graphics memory corruption

sandbox escape

firefox vulnerability

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

34.9%

JSON

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Affected configurations

Nvd

Node

mozillafirefoxRange<129.0

mozillafirefox_esrRange<115.14.0

mozillafirefox_esrMatch128.0

mozillathunderbirdRange<115.14.0

mozillathunderbirdMatch128.0.1

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillafirefox_esr128.0cpe:2.3:a:mozilla:firefox_esr:128.0:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozillathunderbird128.0.1cpe:2.3:a:mozilla:thunderbird:128.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	firefox_esr	128.0	cpe:2.3:a:mozilla:firefox_esr:128.0:::::::*
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
mozilla	thunderbird	128.0.1	cpe:2.3:a:mozilla:thunderbird:128.0.1:::::::*