CVE-2024-2615 - Vulnerability Details - OpenCVE

Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00207.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Mozilla Subscribe	Firefox Subscribe

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-27564	Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.
Ubuntu USN	USN-6703-1	Firefox vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650
https://www.mozilla.org/security/advisories/mfsa2024-12/

History

Fri, 14 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:mozilla:firefox::::::::
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 25 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox
Weaknesses		CWE-787
CPEs		cpe:2.3:a:mozilla:firefox:::::-:::*
Vendors & Products		Mozilla Mozilla firefox

Wed, 28 Aug 2024 16:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-03-19T12:02:57.807Z

Updated: 2025-03-14T15:58:52.764Z

Reserved: 2024-03-18T16:22:38.289Z

Link: CVE-2024-2615

Vulnrichment

Updated: 2024-08-01T19:18:47.946Z

NVD

Status : Modified

Published: 2024-03-19T12:15:09.210

Modified: 2025-03-14T16:15:30.527

Link: CVE-2024-2615

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-787

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2615", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2024-03-18T16:22:38.289Z", "datePublished": "2024-03-19T12:02:57.807Z", "dateUpdated": "2025-03-14T15:58:52.764Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "124", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124."}]}], "problemTypes": [{"descriptions": [{"description": "Memory safety bugs fixed in Firefox 124", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650", "name": "Memory safety bugs fixed in Firefox 124"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"}], "credits": [{"lang": "en", "value": "Paul Bone and the Mozilla Fuzzing Team"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-03-19T19:07:24.248Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:47.946Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650", "name": "Memory safety bugs fixed in Firefox 124", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-12/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "affected": [{"vendor": "mozilla", "product": "firefox", "cpes": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "124", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-19T14:54:46.797179Z", "id": "CVE-2024-2615", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T15:58:52.764Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650", "name": "Memory safety bugs fixed in Firefox 124", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-12/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:47.946Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-2615", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-19T14:54:46.797179Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "vendor": "mozilla", "product": "firefox", "versions": [{"status": "affected", "version": "0", "lessThan": "124", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T14:48:21.155Z"}}], "cna": {"credits": [{"lang": "en", "value": "Paul Bone and the Mozilla Fuzzing Team"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "124", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650", "name": "Memory safety bugs fixed in Firefox 124"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"}], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.", "supportingMedia": [{"type": "text/html", "value": "Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Memory safety bugs fixed in Firefox 124"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-03-19T19:07:24.248Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2615", "state": "PUBLISHED", "dateUpdated": "2025-03-14T15:58:52.764Z", "dateReserved": "2024-03-18T16:22:38.289Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2024-03-19T12:02:57.807Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "AA5A5703-41D3-40FB-835D-19DDCAFF384B", "versionEndExcluding": "124.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124."}, {"lang": "es", "value": "Errores de seguridad de la memoria presentes en Firefox 123. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox < 124."}], "id": "CVE-2024-2615", "lastModified": "2025-03-14T16:15:30.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-19T12:15:09.210", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}