PT-2024-3494 · Mozilla+10 · Thunderbird+12

Paul Bone

·

Published

2024-04-15

·

Updated

2025-10-02

·

CVE-2024-3864

CVSS v3.1

8.1

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions 124 and earlier Firefox ESR versions 115.9 and earlier Thunderbird versions 115.9 and earlier
Description The issue is related to a memory safety bug that can cause memory corruption. It is presumed that with sufficient effort, this bug could be exploited to run arbitrary code. The vulnerability is also described as a buffer overflow issue when handling HTML content, which could allow a remote attacker to execute arbitrary code.
Recommendations For Firefox version 124 and earlier, update to version 125 or later. For Firefox ESR version 115.9 and earlier, update to version 115.10 or later. For Thunderbird version 115.9 and earlier, update to version 115.10 or later.

Exploit

Fix

DoS

LPE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

ALSA-2024:1908
ALSA-2024:1912
ALSA-2024:1939
ALSA-2024:1940
ALT-PU-2024-13897
ALT-PU-2024-14442
ALT-PU-2024-14892
ALT-PU-2024-15175
ALT-PU-2024-15839
ALT-PU-2024-15841
ALT-PU-2024-6719
ALT-PU-2024-6721
ALT-PU-2024-6765
BDU:2024-03796
CESA-2024_1912
CESA-2024_1939
CVE-2024-3864
DLA-3790-1
DLA-3791-1
DSA-5663-1
DSA-5670-1
MGASA-2024-0151
MGASA-2024-0153
OESA-2024-1953
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:13884-1
OPENSUSE-SU-2024:13907-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_1350-1
OPENSUSE-SU-2024_1437-1
OPENSUSE-SU-2024_1770-1
RHSA-2024:1904
RHSA-2024:1905
RHSA-2024:1906
RHSA-2024:1907
RHSA-2024:1908
RHSA-2024:1909
RHSA-2024:1910
RHSA-2024:1911
RHSA-2024:1912
RHSA-2024:1934
RHSA-2024:1935
RHSA-2024:1936
RHSA-2024:1937
RHSA-2024:1938
RHSA-2024:1939
RHSA-2024:1940
RHSA-2024:1941
RHSA-2024:1982
RHSA-2024_1908
RHSA-2024_1910
RHSA-2024_1912
RHSA-2024_1935
RHSA-2024_1939
RHSA-2024_1940
RLSA-2024:1908
RLSA-2024:1912
SUSE-SU-2024:1319-1
SUSE-SU-2024:1350-1
SUSE-SU-2024:1437-1
SUSE-SU-2024:1676-1
SUSE-SU-2024:1770-1
USN-6747-1
USN-6747-2
USN-6750-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu