By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
History

Mon, 04 Nov 2024 13:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Fri, 01 Nov 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat
Redhat enterprise Linux
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus

Wed, 30 Oct 2024 01:45:00 +0000

Type Values Removed Values Added
Title firefox: DOM push subscription message could hang Firefox
Weaknesses CWE-400
References
Metrics threat_severity

None

threat_severity

Low


Tue, 29 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla firefox Esr
Mozilla thunderbird
Weaknesses CWE-89
CPEs cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla firefox Esr
Mozilla thunderbird
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 29 Oct 2024 12:30:00 +0000

Type Values Removed Values Added
Description By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-10-29T12:19:17.005Z

Updated: 2024-11-13T13:42:46.751Z

Reserved: 2024-10-28T14:23:22.431Z

Link: CVE-2024-10466

cve-icon Vulnrichment

Updated: 2024-10-29T14:39:38.803Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-29T13:15:04.273

Modified: 2024-11-04T13:29:51.947

Link: CVE-2024-10466

cve-icon Redhat

Severity : Low

Publid Date: 2024-10-29T12:19:17Z

Links: CVE-2024-10466 - Bugzilla