Bug 2275555 (CVE-2024-3864) - CVE-2024-3864 Mozilla: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
Summary: CVE-2024-3864 Mozilla: Memory safety bug fixed in Firefox 125, Firefox ESR 11...
Keywords:
Status: NEW
Alias: CVE-2024-3864
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2272959
TreeView+ depends on / blocked
 
Reported: 2024-04-17 15:18 UTC by Mauro Matteo Cascella
Modified: 2024-04-22 08:15 UTC (History)
6 users (show)

Fixed In Version: firefox 115.10, thunderbird 115.10
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:1904 0 None None None 2024-04-18 09:07:11 UTC
Red Hat Product Errata RHSA-2024:1905 0 None None None 2024-04-18 09:39:36 UTC
Red Hat Product Errata RHSA-2024:1906 0 None None None 2024-04-18 09:54:59 UTC
Red Hat Product Errata RHSA-2024:1907 0 None None None 2024-04-18 09:41:02 UTC
Red Hat Product Errata RHSA-2024:1908 0 None None None 2024-04-18 09:53:54 UTC
Red Hat Product Errata RHSA-2024:1909 0 None None None 2024-04-18 09:56:40 UTC
Red Hat Product Errata RHSA-2024:1910 0 None None None 2024-04-18 12:07:40 UTC
Red Hat Product Errata RHSA-2024:1911 0 None None None 2024-04-18 10:10:50 UTC
Red Hat Product Errata RHSA-2024:1912 0 None None None 2024-04-18 10:22:57 UTC

Description Mauro Matteo Cascella 2024-04-17 15:18:06 UTC 
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
Comment 15 errata-xmlrpc 2024-04-18 09:07:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:1904 https://access.redhat.com/errata/RHSA-2024:1904
Comment 16 errata-xmlrpc 2024-04-18 09:39:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1905 https://access.redhat.com/errata/RHSA-2024:1905
Comment 17 errata-xmlrpc 2024-04-18 09:41:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1907 https://access.redhat.com/errata/RHSA-2024:1907
Comment 18 errata-xmlrpc 2024-04-18 09:53:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1908 https://access.redhat.com/errata/RHSA-2024:1908
Comment 19 errata-xmlrpc 2024-04-18 09:54:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1906 https://access.redhat.com/errata/RHSA-2024:1906
Comment 20 errata-xmlrpc 2024-04-18 09:56:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1909 https://access.redhat.com/errata/RHSA-2024:1909
Comment 21 errata-xmlrpc 2024-04-18 10:10:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:1911 https://access.redhat.com/errata/RHSA-2024:1911
Comment 22 errata-xmlrpc 2024-04-18 10:22:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:1912 https://access.redhat.com/errata/RHSA-2024:1912
Comment 23 errata-xmlrpc 2024-04-18 12:07:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:1910 https://access.redhat.com/errata/RHSA-2024:1910
Note You need to log in before you can comment on or make changes to this bug.