Lucene search

GoogleOSV:CVE-2024-6606

HistoryJul 10, 2024 - 12:00 a.m.

CVE-2024-6606

2024-07-1000:00:00

Google

osv.dev

clipboard

array access

vulnerability

firefox

thunderbird

software

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

JSON

Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128.

References

bugzilla.mozilla.org/show_bug.cgi?id=1902305

ubuntu.com/security/CVE-2024-6606

ubuntu.com/security/notices/USN-6890-1

www.cve.org/CVERecord?id=CVE-2024-6606

www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6606

www.mozilla.org/security/advisories/mfsa2024-29/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

JSON

Related for OSV:CVE-2024-6606