PT-2024-2408 · Mozilla+4 · Firefox+4

Max Inden · Published 2024-03-19 · Updated 2025-03-14 · CVE-2024-2613

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 124

Description

The issue is related to uncontrolled resource consumption. It could allow a remote attacker to cause a denial of service using a specially crafted website. The problem arises from improper sanitization of data when decoding a QUIC ACK frame, potentially leading to unrestricted memory consumption and a crash.

Recommendations

For versions prior to 124, update to version 124 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious websites to minimize the risk of exploitation.

Exploit

Fix

Clickjacking

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2024-15839
ALT-PU-2024-4271
BDU:2024-02360
CVE-2024-2613
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:13795-1
OPENSUSE-SU-2024:14572-1
USN-6703-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Firefox
Ubuntu