Bug 2296639 (CVE-2024-6604)

Summary: CVE-2024-6604 Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: gotiwari, jhorak, mvyas, sahil710710710, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 115.13, thunderbird 115.13 Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2295963    

Description OSIDB Bzimport 2024-07-09 15:21:34 UTC 
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
Comment 12 errata-xmlrpc 2024-07-11 11:41:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4501 https://access.redhat.com/errata/RHSA-2024:4501
Comment 13 errata-xmlrpc 2024-07-11 11:56:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4500 https://access.redhat.com/errata/RHSA-2024:4500
Comment 14 errata-xmlrpc 2024-07-11 13:51:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:4508 https://access.redhat.com/errata/RHSA-2024:4508
Comment 15 errata-xmlrpc 2024-07-11 15:16:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4517 https://access.redhat.com/errata/RHSA-2024:4517
Comment 26 errata-xmlrpc 2024-07-17 04:21:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4586 https://access.redhat.com/errata/RHSA-2024:4586
Comment 27 errata-xmlrpc 2024-07-17 12:11:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4590 https://access.redhat.com/errata/RHSA-2024:4590
Comment 28 errata-xmlrpc 2024-07-18 11:23:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4610 https://access.redhat.com/errata/RHSA-2024:4610
Comment 29 errata-xmlrpc 2024-07-18 13:41:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4625 https://access.redhat.com/errata/RHSA-2024:4625
Comment 30 errata-xmlrpc 2024-07-18 14:13:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4624 https://access.redhat.com/errata/RHSA-2024:4624
Comment 31 errata-xmlrpc 2024-07-18 15:39:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4634 https://access.redhat.com/errata/RHSA-2024:4634
Comment 32 errata-xmlrpc 2024-07-18 15:48:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4635 https://access.redhat.com/errata/RHSA-2024:4635
Comment 33 errata-xmlrpc 2024-07-22 01:19:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4671 https://access.redhat.com/errata/RHSA-2024:4671
Comment 34 errata-xmlrpc 2024-07-22 01:22:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4673 https://access.redhat.com/errata/RHSA-2024:4673
Comment 35 errata-xmlrpc 2024-07-22 01:24:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4670 https://access.redhat.com/errata/RHSA-2024:4670
Comment 36 errata-xmlrpc 2024-07-23 08:23:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4717 https://access.redhat.com/errata/RHSA-2024:4717
Comment 37 errata-xmlrpc 2024-07-23 08:38:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4718 https://access.redhat.com/errata/RHSA-2024:4718
Comment 38 errata-xmlrpc 2024-07-29 01:11:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4894 https://access.redhat.com/errata/RHSA-2024:4894