Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
History

Wed, 22 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
Mozilla
Mozilla firefox
Mozilla thunderbird
Weaknesses CWE-787
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux
Mozilla
Mozilla firefox
Mozilla thunderbird
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-05-14T17:21:24.864Z

Updated: 2024-08-01T20:55:09.343Z

Reserved: 2024-05-10T17:37:25.404Z

Link: CVE-2024-4777

cve-icon Vulnrichment

Updated: 2024-08-01T20:55:09.343Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-14T18:15:16.413

Modified: 2025-01-22T16:45:18.820

Link: CVE-2024-4777

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-14T00:00:00Z

Links: CVE-2024-4777 - Bugzilla