PT-2024-2378 · Mozilla+3 · Thunderbird+5

Goodbyeselene

Published

2024-03-19

Updated

2024-12-27

CVE-2024-2605

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 124 Firefox ESR versions prior to 115.9 Thunderbird versions prior to 115.9

Description The issue is related to the Windows Error Reporter in Mozilla Firefox, Firefox ESR, and Thunderbird on Windows operating systems. It involves errors in security settings, allowing a remote attacker to execute arbitrary code using a specially crafted web page. This could enable the attacker to run code on the system, escaping the sandbox. The issue only affects Windows operating systems, with other operating systems being unaffected.

Recommendations For Firefox versions prior to 124, update to version 124 or later to resolve the issue. For Firefox ESR versions prior to 115.9, update to version 115.9 or later to resolve the issue. For Thunderbird versions prior to 115.9, update to version 115.9 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

ALT-PU-2024-15839

ALT-PU-2024-4271

ALT-PU-2024-4963

ALT-PU-2024-4971

ALT-PU-2024-4973

ALT-PU-2024-5117

ALT-PU-2024-6027

ALT-PU-2024-6213

BDU:2024-02329

CVE-2024-2605

OPENSUSE-SU-2024:13789-1

OPENSUSE-SU-2024:13795-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2024:0971-1

SUSE-SU-2024:1002-1

SUSE-SU-2024:1147-1

Affected Products

Alt Linux

Firefox

Firefox Esr

Red Os

Suse

Thunderbird

PT-2024-2378 · Mozilla+3 · Thunderbird+5

CVE-2024-2605

Weakness Enumeration

Related Identifiers

Affected Products

References · 1905