Lucene search

K

GoogleOSV:CVE-2024-7519

HistoryAug 06, 2024 - 1:15 p.m.

CVE-2024-7519

2024-08-0613:15:57

Google

osv.dev

graphics memory

memory corruption

sandbox escape

firefox

thunderbird

vulnerability

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

5.9

Confidence

Low

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

References

bugzilla.mozilla.org/show_bug.cgi?id=1902307

security-tracker.debian.org/tracker/CVE-2024-7519

www.mozilla.org/security/advisories/mfsa2024-33/

www.mozilla.org/security/advisories/mfsa2024-34/

www.mozilla.org/security/advisories/mfsa2024-35/

www.mozilla.org/security/advisories/mfsa2024-37/

www.mozilla.org/security/advisories/mfsa2024-38/

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

5.9

Confidence

Low

Related for OSV:CVE-2024-7519

debiancve1 vulnrichment1 cvelist1 alpinelinux1 nvd1 wolfi1 ubuntucve1 redhatcve1 cve1 osv14 nessus46 mozilla5 kaspersky5 openvas14 amazon1 redos1 slackware1 almalinux4 ubuntu3 redhat17 oraclelinux4