Lucene search

[email protected]NVD:CVE-2024-8394

HistorySep 06, 2024 - 5:15 p.m.

CVE-2024-8394

2024-09-0617:15:18

CWE-416

[email protected]

web.nvd.nist.gov

otr chat session

use-after-free bug

exploitable crash

thunderbird 128.2

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.

Affected configurations

Nvd

Node

mozillathunderbirdRange<128.2.0

VendorProductVersionCPE
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::

References

bugzilla.mozilla.org/show_bug.cgi?id=1895737

www.mozilla.org/security/advisories/mfsa2024-43/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-8394

vulnrichment1 cvelist1 alpinelinux1 redhatcve1 cve1 osv2 debiancve1 mozilla1 nessus11 kaspersky1 redhat8 rocky1 oraclelinux2