Lucene search
Ubuntu.comUB:CVE-2024-2605HistoryMar 19, 2024 - 12:00 a.m.
CVE-2024-2605
2024-03-1900:00:00
ubuntu.com
ubuntu.com
10
cve-2024-2605
windows error reporter
arbitrary code
sandbox escape
firefox < 124
firefox esr < 115.9
thunderbird < 115.9
mozjs
spidermonkey javascript engine
ubuntu 22.04
firefox snap
unix
An attacker could have leveraged the Windows Error Reporter to run
arbitrary code on the system escaping the sandbox. Note: This issue only
affected Windows operating systems. Other operating systems are unaffected.
This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and
Thunderbird < 115.9.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
| mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | mozjs102 | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | mozjs102 | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | mozjs102 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | thunderbird | < any | UNKNOWN |
References
bugzilla.mozilla.org/show_bug.cgi?id=1872920
launchpad.net/bugs/cve/CVE-2024-2605
nvd.nist.gov/vuln/detail/CVE-2024-2605
security-tracker.debian.org/tracker/CVE-2024-2605
www.cve.org/CVERecord?id=CVE-2024-2605
www.mozilla.org/security/advisories/mfsa2024-12/
www.mozilla.org/security/advisories/mfsa2024-13/
www.mozilla.org/security/advisories/mfsa2024-14/
Related
redhatcve
redhatcve
CVE-2024-2605
2024-03-21 11:00:58
nvd
nvd
CVE-2024-2605
2024-03-19 12:15:08
alpinelinux
alpinelinux
CVE-2024-2605
2024-03-19 12:15:08
cgr
cgr
CVE-2024-2605 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Arbitrary Code Execution
2024-04-10 21:52:28
debiancve
debiancve
CVE-2024-2605
2024-03-19 12:15:08
cvelist
cvelist
CVE-2024-2605
2024-03-19 12:02:51
cve
cve
CVE-2024-2605
2024-03-19 12:15:08
cnvd
cnvd
Code execution vulnerability in multiple Mozilla products (CNVD-2024-14974)
2024-03-21 00:00:00
openvas
openvas
Mozilla Thunderbird Security Update (mfsa_2024-14) - Windows
2024-03-25 00:00:00
Mozilla Firefox ESR Security Update (mfsa_2024-13) - Windows
2024-03-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0971-1)
2024-05-07 00:00:00
nessus
nessus
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-079-02)
2024-03-19 00:00:00
Fedora 39 : thunderbird (2024-9f8235fb21)
2024-03-20 00:00:00
Fedora 38 : thunderbird (2024-5d080305ab)
2024-03-27 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2024-03-20 00:28:21
[slackware-security] mozilla-firefox
2024-03-20 00:27:50
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 115.9 — Mozilla
2024-03-19 00:00:00
Security Vulnerabilities fixed in Firefox ESR 115.9 — Mozilla
2024-03-19 00:00:00
Security Vulnerabilities fixed in Firefox 124 — Mozilla
2024-03-19 00:00:00
kaspersky
kaspersky
KLA65225 Multiple vulnerabilities in Mozilla Firefox ESR
2024-03-19 00:00:00
KLA65226 Multiple vulnerabilities in Mozilla Thunderbird
2024-03-19 00:00:00
KLA65224 Multiple vulnerabilities in Mozilla Firefox
2024-03-19 00:00:00