Bug 2280387 (CVE-2024-4777)

Summary: CVE-2024-4777 Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
Product: [Other] Security Response Reporter: Robb Gatica <rgatica>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abobrov, erack, gotiwari, jhorak, mvyas, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 115.11, thunderbird 115.11 Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2278893    

Description Robb Gatica 2024-05-14 18:37:54 UTC 
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4777
Comment 25 errata-xmlrpc 2024-05-16 16:46:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2888 https://access.redhat.com/errata/RHSA-2024:2888
Comment 26 errata-xmlrpc 2024-05-16 17:15:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:2884 https://access.redhat.com/errata/RHSA-2024:2884
Comment 27 errata-xmlrpc 2024-05-16 17:30:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:2882 https://access.redhat.com/errata/RHSA-2024:2882
Comment 28 errata-xmlrpc 2024-05-16 17:43:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:2886 https://access.redhat.com/errata/RHSA-2024:2886
Comment 29 errata-xmlrpc 2024-05-16 18:12:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:2885 https://access.redhat.com/errata/RHSA-2024:2885
Comment 30 errata-xmlrpc 2024-05-16 18:13:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2883 https://access.redhat.com/errata/RHSA-2024:2883
Comment 31 errata-xmlrpc 2024-05-16 18:15:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:2887 https://access.redhat.com/errata/RHSA-2024:2887
Comment 32 errata-xmlrpc 2024-05-16 18:34:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:2881 https://access.redhat.com/errata/RHSA-2024:2881
Comment 33 errata-xmlrpc 2024-05-20 01:37:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:2905 https://access.redhat.com/errata/RHSA-2024:2905
Comment 34 errata-xmlrpc 2024-05-20 01:37:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:2904 https://access.redhat.com/errata/RHSA-2024:2904
Comment 35 errata-xmlrpc 2024-05-20 02:05:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:2906 https://access.redhat.com/errata/RHSA-2024:2906
Comment 36 errata-xmlrpc 2024-05-20 02:06:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:2903 https://access.redhat.com/errata/RHSA-2024:2903
Comment 37 errata-xmlrpc 2024-05-20 05:57:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:2911 https://access.redhat.com/errata/RHSA-2024:2911
Comment 38 errata-xmlrpc 2024-05-20 07:50:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:2912 https://access.redhat.com/errata/RHSA-2024:2912
Comment 39 errata-xmlrpc 2024-05-20 07:58:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:2913 https://access.redhat.com/errata/RHSA-2024:2913
Comment 42 errata-xmlrpc 2024-05-23 12:07:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:3338 https://access.redhat.com/errata/RHSA-2024:3338
Comment 43 errata-xmlrpc 2024-06-10 19:34:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3783 https://access.redhat.com/errata/RHSA-2024:3783
Comment 44 errata-xmlrpc 2024-06-10 19:42:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3784 https://access.redhat.com/errata/RHSA-2024:3784