Bug 2296637 (CVE-2024-6602)

Summary: CVE-2024-6602 Mozilla: Memory corruption in NSS
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gotiwari, jhorak, mcascell, mvyas, rrelyea, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 115.13, thunderbird 115.13 Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: A mismatch between allocator and deallocator could have lead to memory corruption.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2297281    
Bug Blocks: 2295963    

Description OSIDB Bzimport 2024-07-09 15:21:07 UTC 
A mismatch between allocator and deallocator could have lead to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
Comment 2 Mauro Matteo Cascella 2024-07-11 09:08:04 UTC 
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 2297281]
Comment 20 errata-xmlrpc 2024-07-18 13:41:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4625 https://access.redhat.com/errata/RHSA-2024:4625
Comment 21 errata-xmlrpc 2024-07-22 01:19:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4671 https://access.redhat.com/errata/RHSA-2024:4671
Comment 22 errata-xmlrpc 2024-07-22 01:24:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4670 https://access.redhat.com/errata/RHSA-2024:4670
Comment 23 errata-xmlrpc 2024-07-23 08:23:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4717 https://access.redhat.com/errata/RHSA-2024:4717
Comment 24 errata-xmlrpc 2024-07-23 08:38:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4718 https://access.redhat.com/errata/RHSA-2024:4718
Comment 25 errata-xmlrpc 2024-07-29 01:11:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4894 https://access.redhat.com/errata/RHSA-2024:4894