Bug 2270666 (CVE-2024-2614) - CVE-2024-2614 Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
Summary: CVE-2024-2614 Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 1...
Keywords:
Status: NEW
Alias: CVE-2024-2614
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2268120
TreeView+ depends on / blocked
 
Reported: 2024-03-21 10:39 UTC by Mauro Matteo Cascella
Modified: 2024-03-25 20:13 UTC (History)
6 users (show)

Fixed In Version: firefox 115.9, thunderbird 115.9
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:1483 0 None None None 2024-03-25 18:49:47 UTC
Red Hat Product Errata RHSA-2024:1484 0 None None None 2024-03-25 19:28:44 UTC
Red Hat Product Errata RHSA-2024:1485 0 None None None 2024-03-25 19:25:47 UTC
Red Hat Product Errata RHSA-2024:1486 0 None None None 2024-03-25 20:11:06 UTC
Red Hat Product Errata RHSA-2024:1487 0 None None None 2024-03-25 19:35:02 UTC
Red Hat Product Errata RHSA-2024:1488 0 None None None 2024-03-25 19:34:45 UTC
Red Hat Product Errata RHSA-2024:1489 0 None None None 2024-03-25 19:35:20 UTC
Red Hat Product Errata RHSA-2024:1490 0 None None None 2024-03-25 19:32:50 UTC
Red Hat Product Errata RHSA-2024:1491 0 None None None 2024-03-25 19:32:41 UTC
Red Hat Product Errata RHSA-2024:1492 0 None None None 2024-03-25 20:07:17 UTC
Red Hat Product Errata RHSA-2024:1493 0 None None None 2024-03-25 20:06:19 UTC
Red Hat Product Errata RHSA-2024:1494 0 None None None 2024-03-25 20:07:13 UTC
Red Hat Product Errata RHSA-2024:1495 0 None None None 2024-03-25 20:06:38 UTC
Red Hat Product Errata RHSA-2024:1496 0 None None None 2024-03-25 20:12:45 UTC
Red Hat Product Errata RHSA-2024:1497 0 None None None 2024-03-25 20:13:00 UTC
Red Hat Product Errata RHSA-2024:1498 0 None None None 2024-03-25 20:07:01 UTC
Red Hat Product Errata RHSA-2024:1499 0 None None None 2024-03-25 20:05:06 UTC
Red Hat Product Errata RHSA-2024:1500 0 None None None 2024-03-25 20:13:15 UTC

Description Mauro Matteo Cascella 2024-03-21 10:39:55 UTC 
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2614
Comment 26 errata-xmlrpc 2024-03-25 18:49:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1483 https://access.redhat.com/errata/RHSA-2024:1483
Comment 27 errata-xmlrpc 2024-03-25 19:25:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1485 https://access.redhat.com/errata/RHSA-2024:1485
Comment 28 errata-xmlrpc 2024-03-25 19:28:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:1484 https://access.redhat.com/errata/RHSA-2024:1484
Comment 29 errata-xmlrpc 2024-03-25 19:32:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:1491 https://access.redhat.com/errata/RHSA-2024:1491
Comment 30 errata-xmlrpc 2024-03-25 19:32:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:1490 https://access.redhat.com/errata/RHSA-2024:1490
Comment 31 errata-xmlrpc 2024-03-25 19:34:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1488 https://access.redhat.com/errata/RHSA-2024:1488
Comment 32 errata-xmlrpc 2024-03-25 19:35:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1487 https://access.redhat.com/errata/RHSA-2024:1487
Comment 33 errata-xmlrpc 2024-03-25 19:35:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1489 https://access.redhat.com/errata/RHSA-2024:1489
Comment 34 errata-xmlrpc 2024-03-25 20:05:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:1499 https://access.redhat.com/errata/RHSA-2024:1499
Comment 35 errata-xmlrpc 2024-03-25 20:06:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1493 https://access.redhat.com/errata/RHSA-2024:1493
Comment 36 errata-xmlrpc 2024-03-25 20:06:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1495 https://access.redhat.com/errata/RHSA-2024:1495
Comment 37 errata-xmlrpc 2024-03-25 20:07:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:1498 https://access.redhat.com/errata/RHSA-2024:1498
Comment 38 errata-xmlrpc 2024-03-25 20:07:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:1494 https://access.redhat.com/errata/RHSA-2024:1494
Comment 39 errata-xmlrpc 2024-03-25 20:07:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1492 https://access.redhat.com/errata/RHSA-2024:1492
Comment 40 errata-xmlrpc 2024-03-25 20:11:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:1486 https://access.redhat.com/errata/RHSA-2024:1486
Comment 41 errata-xmlrpc 2024-03-25 20:12:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1496 https://access.redhat.com/errata/RHSA-2024:1496
Comment 42 errata-xmlrpc 2024-03-25 20:12:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1497 https://access.redhat.com/errata/RHSA-2024:1497
Comment 43 errata-xmlrpc 2024-03-25 20:13:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:1500 https://access.redhat.com/errata/RHSA-2024:1500
Note You need to log in before you can comment on or make changes to this bug.