Bug 2296638 (CVE-2024-6603)

Summary: CVE-2024-6603 Mozilla: Memory corruption in thread creation
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: erack, gotiwari, jhorak, mvyas, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 115.13, thunderbird 115.13 Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2295963    

Description OSIDB Bzimport 2024-07-09 15:21:22 UTC 
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
Comment 12 errata-xmlrpc 2024-07-11 11:41:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4501 https://access.redhat.com/errata/RHSA-2024:4501
Comment 13 errata-xmlrpc 2024-07-11 11:56:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4500 https://access.redhat.com/errata/RHSA-2024:4500
Comment 14 errata-xmlrpc 2024-07-11 13:51:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:4508 https://access.redhat.com/errata/RHSA-2024:4508
Comment 15 errata-xmlrpc 2024-07-11 15:16:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4517 https://access.redhat.com/errata/RHSA-2024:4517
Comment 26 errata-xmlrpc 2024-07-17 04:21:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4586 https://access.redhat.com/errata/RHSA-2024:4586
Comment 27 errata-xmlrpc 2024-07-17 12:11:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4590 https://access.redhat.com/errata/RHSA-2024:4590
Comment 28 errata-xmlrpc 2024-07-18 11:23:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4610 https://access.redhat.com/errata/RHSA-2024:4610
Comment 29 errata-xmlrpc 2024-07-18 13:41:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4625 https://access.redhat.com/errata/RHSA-2024:4625
Comment 30 errata-xmlrpc 2024-07-18 14:13:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4624 https://access.redhat.com/errata/RHSA-2024:4624
Comment 31 errata-xmlrpc 2024-07-18 15:39:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4634 https://access.redhat.com/errata/RHSA-2024:4634
Comment 32 errata-xmlrpc 2024-07-18 15:48:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4635 https://access.redhat.com/errata/RHSA-2024:4635
Comment 33 errata-xmlrpc 2024-07-22 01:19:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4671 https://access.redhat.com/errata/RHSA-2024:4671
Comment 34 errata-xmlrpc 2024-07-22 01:22:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4673 https://access.redhat.com/errata/RHSA-2024:4673
Comment 35 errata-xmlrpc 2024-07-22 01:24:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4670 https://access.redhat.com/errata/RHSA-2024:4670
Comment 36 errata-xmlrpc 2024-07-23 08:23:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4717 https://access.redhat.com/errata/RHSA-2024:4717
Comment 37 errata-xmlrpc 2024-07-23 08:38:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4718 https://access.redhat.com/errata/RHSA-2024:4718
Comment 38 errata-xmlrpc 2024-07-29 01:11:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4894 https://access.redhat.com/errata/RHSA-2024:4894