Bug 2291401 (CVE-2024-5700) - CVE-2024-5700 Mozilla: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
Summary: CVE-2024-5700 Mozilla: Memory safety bugs fixed in Firefox 127, Firefox ESR 1...
Keywords:
Status: NEW
Alias: CVE-2024-5700
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2284144
TreeView+ depends on / blocked
 
Reported: 2024-06-11 20:46 UTC by Robb Gatica
Modified: 2024-06-24 10:49 UTC (History)
5 users (show)

Fixed In Version: firefox 115.12, thunderbird 115.12
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:3949 0 None None None 2024-06-17 13:12:18 UTC
Red Hat Product Errata RHSA-2024:3950 0 None None None 2024-06-17 13:14:41 UTC
Red Hat Product Errata RHSA-2024:3951 0 None None None 2024-06-17 13:46:50 UTC
Red Hat Product Errata RHSA-2024:3952 0 None None None 2024-06-17 13:05:26 UTC
Red Hat Product Errata RHSA-2024:3953 0 None None None 2024-06-17 13:18:05 UTC
Red Hat Product Errata RHSA-2024:3954 0 None None None 2024-06-17 13:34:24 UTC
Red Hat Product Errata RHSA-2024:3955 0 None None None 2024-06-17 13:43:18 UTC
Red Hat Product Errata RHSA-2024:3958 0 None None None 2024-06-17 15:20:04 UTC
Red Hat Product Errata RHSA-2024:3972 0 None None None 2024-06-18 06:18:33 UTC
Red Hat Product Errata RHSA-2024:4001 0 None None None 2024-06-20 05:27:14 UTC
Red Hat Product Errata RHSA-2024:4002 0 None None None 2024-06-20 05:56:20 UTC
Red Hat Product Errata RHSA-2024:4003 0 None None None 2024-06-20 05:38:56 UTC
Red Hat Product Errata RHSA-2024:4004 0 None None None 2024-06-20 05:47:48 UTC
Red Hat Product Errata RHSA-2024:4015 0 None None None 2024-06-20 06:50:11 UTC
Red Hat Product Errata RHSA-2024:4016 0 None None None 2024-06-20 08:16:52 UTC
Red Hat Product Errata RHSA-2024:4018 0 None None None 2024-06-20 10:31:49 UTC
Red Hat Product Errata RHSA-2024:4036 0 None None None 2024-06-20 17:24:40 UTC
Red Hat Product Errata RHSA-2024:4063 0 None None None 2024-06-24 10:49:53 UTC

Description Robb Gatica 2024-06-11 20:46:02 UTC
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5700

Comment 23 errata-xmlrpc 2024-06-17 13:05:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:3952 https://access.redhat.com/errata/RHSA-2024:3952

Comment 24 errata-xmlrpc 2024-06-17 13:12:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:3949 https://access.redhat.com/errata/RHSA-2024:3949

Comment 25 errata-xmlrpc 2024-06-17 13:14:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:3950 https://access.redhat.com/errata/RHSA-2024:3950

Comment 26 errata-xmlrpc 2024-06-17 13:18:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:3953 https://access.redhat.com/errata/RHSA-2024:3953

Comment 27 errata-xmlrpc 2024-06-17 13:34:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3954 https://access.redhat.com/errata/RHSA-2024:3954

Comment 28 errata-xmlrpc 2024-06-17 13:43:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:3955 https://access.redhat.com/errata/RHSA-2024:3955

Comment 29 errata-xmlrpc 2024-06-17 13:46:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:3951 https://access.redhat.com/errata/RHSA-2024:3951

Comment 30 errata-xmlrpc 2024-06-17 15:20:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:3958 https://access.redhat.com/errata/RHSA-2024:3958

Comment 31 errata-xmlrpc 2024-06-18 06:18:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:3972 https://access.redhat.com/errata/RHSA-2024:3972

Comment 34 errata-xmlrpc 2024-06-20 05:27:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4001 https://access.redhat.com/errata/RHSA-2024:4001

Comment 35 errata-xmlrpc 2024-06-20 05:38:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4003 https://access.redhat.com/errata/RHSA-2024:4003

Comment 36 errata-xmlrpc 2024-06-20 05:47:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4004 https://access.redhat.com/errata/RHSA-2024:4004

Comment 37 errata-xmlrpc 2024-06-20 05:56:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4002 https://access.redhat.com/errata/RHSA-2024:4002

Comment 38 errata-xmlrpc 2024-06-20 06:50:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4015 https://access.redhat.com/errata/RHSA-2024:4015

Comment 39 errata-xmlrpc 2024-06-20 08:16:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:4016 https://access.redhat.com/errata/RHSA-2024:4016

Comment 40 errata-xmlrpc 2024-06-20 10:31:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4018 https://access.redhat.com/errata/RHSA-2024:4018

Comment 41 errata-xmlrpc 2024-06-20 17:24:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4036 https://access.redhat.com/errata/RHSA-2024:4036

Comment 42 errata-xmlrpc 2024-06-24 10:49:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4063 https://access.redhat.com/errata/RHSA-2024:4063


Note You need to log in before you can comment on or make changes to this bug.