Bug 2280387 (CVE-2024-4777) - CVE-2024-4777 Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
Summary: CVE-2024-4777 Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 1...
Keywords:
Status: NEW
Alias: CVE-2024-4777
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2278893
TreeView+ depends on / blocked
 
Reported: 2024-05-14 18:37 UTC by Robb Gatica
Modified: 2024-06-10 19:42 UTC (History)
6 users (show)

Fixed In Version: firefox 115.11, thunderbird 115.11
Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2881 0 None None None 2024-05-16 18:34:55 UTC
Red Hat Product Errata RHSA-2024:2882 0 None None None 2024-05-16 17:30:47 UTC
Red Hat Product Errata RHSA-2024:2883 0 None None None 2024-05-16 18:13:15 UTC
Red Hat Product Errata RHSA-2024:2884 0 None None None 2024-05-16 17:16:00 UTC
Red Hat Product Errata RHSA-2024:2885 0 None None None 2024-05-16 18:12:51 UTC
Red Hat Product Errata RHSA-2024:2886 0 None None None 2024-05-16 17:43:02 UTC
Red Hat Product Errata RHSA-2024:2887 0 None None None 2024-05-16 18:15:59 UTC
Red Hat Product Errata RHSA-2024:2888 0 None None None 2024-05-16 16:46:42 UTC
Red Hat Product Errata RHSA-2024:2903 0 None None None 2024-05-20 02:06:06 UTC
Red Hat Product Errata RHSA-2024:2904 0 None None None 2024-05-20 01:37:56 UTC
Red Hat Product Errata RHSA-2024:2905 0 None None None 2024-05-20 01:37:13 UTC
Red Hat Product Errata RHSA-2024:2906 0 None None None 2024-05-20 02:05:55 UTC
Red Hat Product Errata RHSA-2024:2911 0 None None None 2024-05-20 05:57:30 UTC
Red Hat Product Errata RHSA-2024:2912 0 None None None 2024-05-20 07:50:38 UTC
Red Hat Product Errata RHSA-2024:2913 0 None None None 2024-05-20 07:58:46 UTC
Red Hat Product Errata RHSA-2024:3338 0 None None None 2024-05-23 12:07:07 UTC
Red Hat Product Errata RHSA-2024:3783 0 None None None 2024-06-10 19:34:15 UTC
Red Hat Product Errata RHSA-2024:3784 0 None None None 2024-06-10 19:42:44 UTC

Description Robb Gatica 2024-05-14 18:37:54 UTC 
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4777
Comment 25 errata-xmlrpc 2024-05-16 16:46:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2888 https://access.redhat.com/errata/RHSA-2024:2888
Comment 26 errata-xmlrpc 2024-05-16 17:15:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:2884 https://access.redhat.com/errata/RHSA-2024:2884
Comment 27 errata-xmlrpc 2024-05-16 17:30:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:2882 https://access.redhat.com/errata/RHSA-2024:2882
Comment 28 errata-xmlrpc 2024-05-16 17:43:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:2886 https://access.redhat.com/errata/RHSA-2024:2886
Comment 29 errata-xmlrpc 2024-05-16 18:12:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:2885 https://access.redhat.com/errata/RHSA-2024:2885
Comment 30 errata-xmlrpc 2024-05-16 18:13:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2883 https://access.redhat.com/errata/RHSA-2024:2883
Comment 31 errata-xmlrpc 2024-05-16 18:15:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:2887 https://access.redhat.com/errata/RHSA-2024:2887
Comment 32 errata-xmlrpc 2024-05-16 18:34:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:2881 https://access.redhat.com/errata/RHSA-2024:2881
Comment 33 errata-xmlrpc 2024-05-20 01:37:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:2905 https://access.redhat.com/errata/RHSA-2024:2905
Comment 34 errata-xmlrpc 2024-05-20 01:37:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:2904 https://access.redhat.com/errata/RHSA-2024:2904
Comment 35 errata-xmlrpc 2024-05-20 02:05:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:2906 https://access.redhat.com/errata/RHSA-2024:2906
Comment 36 errata-xmlrpc 2024-05-20 02:06:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:2903 https://access.redhat.com/errata/RHSA-2024:2903
Comment 37 errata-xmlrpc 2024-05-20 05:57:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:2911 https://access.redhat.com/errata/RHSA-2024:2911
Comment 38 errata-xmlrpc 2024-05-20 07:50:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:2912 https://access.redhat.com/errata/RHSA-2024:2912
Comment 39 errata-xmlrpc 2024-05-20 07:58:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:2913 https://access.redhat.com/errata/RHSA-2024:2913
Comment 42 errata-xmlrpc 2024-05-23 12:07:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:3338 https://access.redhat.com/errata/RHSA-2024:3338
Comment 43 errata-xmlrpc 2024-06-10 19:34:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3783 https://access.redhat.com/errata/RHSA-2024:3783
Comment 44 errata-xmlrpc 2024-06-10 19:42:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3784 https://access.redhat.com/errata/RHSA-2024:3784
Note You need to log in before you can comment on or make changes to this bug.