Buffer Overflow

2024-02-2204:15:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

buffer overflow

memory safety

memory corruption

arbitrary code

exploitation

software

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Firefox and Thunderbird are vulnerable to Buffer Overflow. The vulnerability is due to memory safety issues, some of which indicate evidence of memory corruption. It is presumed that with sufficient effort, these bugs could be exploited to execute arbitrary code.

CPENameOperatorVersion
firefox-esr:bullseyeeq78.5.0esr-1
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1
firefox-esr:sideq78.8.0esr-1
firefox-esr:sideq78.5.0esr-1
thunderbird:sideq1:78.5.0-1
thunderbird:bullseyeeq1:78.5.0-1
firefox-esr:bustereq68.12.0esr-1~deb10u1
firefox-esr:bustereq78.11.0esr-1~deb10u1

Name	Operator	Version
firefox-esr:bullseye	eq	78.5.0esr-1
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1
firefox-esr:sid	eq	78.8.0esr-1
firefox-esr:sid	eq	78.5.0esr-1
thunderbird:sid	eq	1:78.5.0-1
thunderbird:bullseye	eq	1:78.5.0-1
firefox-esr:buster	eq	68.12.0esr-1~deb10u1
firefox-esr:buster	eq	78.11.0esr-1~deb10u1

Rows per page:

1-10 of 621

References

bugzilla.mozilla.org/buglist.cgi?bug_id=1855686%2C1867982%2C1871498%2C1872296%2C1873521%2C1873577%2C1873597%2C1873866%2C1874080%2C1874740%2C1875795%2C1875906%2C1876425%2C1878211%2C1878286

lists.debian.org/debian-lts-announce/2024/03/msg00000.html

lists.debian.org/debian-lts-announce/2024/03/msg00001.html

security-tracker.debian.org/tracker/CVE-2024-1553

www.mozilla.org/security/advisories/mfsa2024-05/

www.mozilla.org/security/advisories/mfsa2024-06/

www.mozilla.org/security/advisories/mfsa2024-07/