Lucene search

K

Veracode Vulnerability DatabaseVERACODE:45580

HistoryFeb 22, 2024 - 4:15 a.m.

Buffer Overflow

2024-02-2204:15:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

buffer overflow

memory safety

memory corruption

arbitrary code

exploitation

software

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

10.3%

Firefox and Thunderbird are vulnerable to Buffer Overflow. The vulnerability is due to memory safety issues, some of which indicate evidence of memory corruption. It is presumed that with sufficient effort, these bugs could be exploited to execute arbitrary code.

References

bugzilla.mozilla.org/buglist.cgi?bug_id=1855686%2C1867982%2C1871498%2C1872296%2C1873521%2C1873577%2C1873597%2C1873866%2C1874080%2C1874740%2C1875795%2C1875906%2C1876425%2C1878211%2C1878286

lists.debian.org/debian-lts-announce/2024/03/msg00000.html

lists.debian.org/debian-lts-announce/2024/03/msg00001.html

security-tracker.debian.org/tracker/CVE-2024-1553

www.mozilla.org/security/advisories/mfsa2024-05/

www.mozilla.org/security/advisories/mfsa2024-06/

www.mozilla.org/security/advisories/mfsa2024-07/

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

10.3%