Vulnerability CVE-2024-0755: Information

Description

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-0755
Published: Jan. 23, 2024
Modified: Feb. 2, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus122.0-alt1125.0.2-alt1ALT-PU-2024-1368-1338897Fixed
firefoxsisyphus_riscv64122.0.1-alt0.port124.0.1-alt0.portALT-PU-2024-2222-1-Fixed
firefoxsisyphus_loongarch64123.0-alt1.0.port125.0.1-alt1.0.portALT-PU-2024-3000-1-Fixed
firefox-esrsisyphus115.7.0-alt1115.10.0-alt1ALT-PU-2024-1783-2339728Fixed
firefox-esrsisyphus_loongarch64115.7.0-alt2115.10.0-alt1ALT-PU-2024-1967-1-Fixed
firefox-esrp10115.7.0-alt1115.10.0-alt1ALT-PU-2024-1792-2339729Fixed
firefox-esrc10f1115.8.0-alt0.c10.1115.9.1-alt0.c10.1ALT-PU-2024-3614-2340631Fixed
thunderbirdsisyphus115.7.0-alt1115.9.0-alt1ALT-PU-2024-1788-2339732Fixed
thunderbirdsisyphus_loongarch64115.7.0-alt1115.9.0-alt1ALT-PU-2024-1802-1-Fixed
thunderbirdp10115.8.1-alt1115.9.0-alt1ALT-PU-2024-3860-2342581Fixed
thunderbirdc10f1115.8.1-alt0.c10.1115.9.0-alt0.c10.1ALT-PU-2024-4748-2343092Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
  • Issue Tracking
  • Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-01/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-02/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-04/
  • Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
  • Mailing List
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      122.0
      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      115.7
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excliding
      115.7

      Configuration 2

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top