Bug 2275555 (CVE-2024-3864)

Summary: CVE-2024-3864 Mozilla: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abobrov, erack, gotiwari, jhorak, mvyas, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 115.10, thunderbird 115.10 Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2272959    

Description Mauro Matteo Cascella 2024-04-17 15:18:06 UTC 
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
Comment 15 errata-xmlrpc 2024-04-18 09:07:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:1904 https://access.redhat.com/errata/RHSA-2024:1904
Comment 16 errata-xmlrpc 2024-04-18 09:39:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1905 https://access.redhat.com/errata/RHSA-2024:1905
Comment 17 errata-xmlrpc 2024-04-18 09:41:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1907 https://access.redhat.com/errata/RHSA-2024:1907
Comment 18 errata-xmlrpc 2024-04-18 09:53:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1908 https://access.redhat.com/errata/RHSA-2024:1908
Comment 19 errata-xmlrpc 2024-04-18 09:54:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1906 https://access.redhat.com/errata/RHSA-2024:1906
Comment 20 errata-xmlrpc 2024-04-18 09:56:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1909 https://access.redhat.com/errata/RHSA-2024:1909
Comment 21 errata-xmlrpc 2024-04-18 10:10:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:1911 https://access.redhat.com/errata/RHSA-2024:1911
Comment 22 errata-xmlrpc 2024-04-18 10:22:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:1912 https://access.redhat.com/errata/RHSA-2024:1912
Comment 23 errata-xmlrpc 2024-04-18 12:07:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:1910 https://access.redhat.com/errata/RHSA-2024:1910