Lucene search

GoogleOSV:CVE-2024-5701

HistoryJun 11, 2024 - 1:15 p.m.

CVE-2024-5701

2024-06-1113:15:00

Google

osv.dev

memory safety

firefox

memory corruption

arbitrary code execution

cve-2024-5701

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

JSON

Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127.

References

bugzilla.mozilla.org/buglist.cgi?bug_id=1890909%2C1891422%2C1893915%2C1894047%2C1896024

ubuntu.com/security/CVE-2024-5701

ubuntu.com/security/notices/USN-6862-1

www.cve.org/CVERecord?id=CVE-2024-5701

www.mozilla.org/security/advisories/mfsa2024-25/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

JSON

Related for OSV:CVE-2024-5701