CVE-2024-4367

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 115.11.0esr-1~deb10u1 and earlier, Mozilla Thunderbird versions 115.10.0 and 128.3.0-alt1, Network Security Services (NSS).

Description: Multiple security issues have been found in Mozilla Firefox, Mozilla Thunderbird, and Network Security Services (NSS). These vulnerabilities could potentially result in arbitrary code execution, denial of service, or clickjacking. The vulnerabilities in Firefox have been addressed in version 115.11.0esr-1~deb10u1. The vulnerabilities in Thunderbird have been addressed in versions 115.10.0 and 128.3.0-alt1. The vulnerability in NSS has been addressed with fixes for a Minerva side-channel information leak.

Recommendations: Upgrade Mozilla Firefox to version 115.11.0esr-1~deb10u1 or later. Upgrade Mozilla Thunderbird to version 115.10.0 or 128.3.0-alt1. Update Network Security Services (NSS) to the latest version.

Exploit

Fix

Type Confusion

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-754

Related Identifiers

ALSA-2023_6187

ALSA-2023_6188

ALSA-2023_6191

ALSA-2023_6194

ALSA-2023_7500

ALSA-2023_7501

ALSA-2023_7507

ALSA-2023_7508

ALSA-2024:2883

ALSA-2024:2888

ALSA-2024:3783

ALSA-2024:3784

ALSA-2024_0001

ALSA-2024_0003

ALSA-2024_0012

ALSA-2024_0025

ALSA-2024_0105

ALSA-2024_0108

ALSA-2024_0602

ALSA-2024_0603

ALSA-2024_0608

ALSA-2024_0609

ALSA-2024_0786

ALSA-2024_0790

ALSA-2024_0952

ALSA-2024_0955

ALSA-2024_0963

ALSA-2024_0964

ALSA-2024_1484

ALSA-2024_1485

ALSA-2024_1493

ALSA-2024_1494

ALSA-2024_1908

ALSA-2024_1912

ALSA-2024_1939

ALSA-2024_1940

ALSA-2024_2883

ALSA-2024_2888

ALSA-2024_3783

ALSA-2024_3784

ALSA-2024_3954

ALSA-2024_3955

ALSA-2024_4002

ALSA-2024_4036

ALSA-2024_4500

ALSA-2024_4517

ALSA-2024_4624

ALSA-2024_4635

ALSA-2024_5322

ALSA-2024_5391

ALSA-2024_5392

ALSA-2024_5402

ALSA-2024_6681

ALSA-2024_6682

ALSA-2024_6683

ALSA-2024_6684

ALSA-2024_7505

ALSA-2024_7552

ALSA-2024_7699

ALSA-2024_7700

ALSA-2024_7958

ALSA-2024_7977

ALSA-2024_8024

ALSA-2024_8025

ALSA-2024_8726

ALSA-2024_8729

ALSA-2024_8790

ALSA-2024_8793

ALSA-2024_9552

ALSA-2024_9554

ALSA-2025_16880

ALSA-2025_18155

ALSA-2025_18285

ALSA-2025_18321

ALSA-2025_18983

ALT-PU-2024-13897

ALT-PU-2024-14442

ALT-PU-2024-14892

ALT-PU-2024-15175

ALT-PU-2024-15839

ALT-PU-2024-15841

ALT-PU-2024-7772

ALT-PU-2024-7980

ALT-PU-2024-7982

BDU:2024-04733

CESA-2024_3783

CESA-2024_3784

CVE-2024-4367

DLA-3815-1

DLA-3817-1

DSA-5691-1

DSA-5693-1

DSA-5742-1

ELSA-2024-2881

ELSA-2024-2883

ELSA-2024-2888

ELSA-2024-2913

ELSA-2024-3783

ELSA-2024-3784

GHSA-WGRM-67XF-HHPQ

INFSA-2024_2883

INFSA-2024_2888

INFSA-2024_3783

INFSA-2024_3784

MGASA-2024-0189

MGASA-2024-0191

OESA-2024-2523

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:13980-1

OPENSUSE-SU-2024:13981-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_1770-1

OPENSUSE-SU-2024_1858-1

RHSA-2024:2881

RHSA-2024:2882

RHSA-2024:2883

RHSA-2024:2884

RHSA-2024:2885

RHSA-2024:2886

RHSA-2024:2887

RHSA-2024:2888

RHSA-2024:2903

RHSA-2024:2904

RHSA-2024:2905

RHSA-2024:2906

RHSA-2024:2911

RHSA-2024:2912

RHSA-2024:2913

RHSA-2024:3338

RHSA-2024:3783

RHSA-2024:3784

RHSA-2024_2881

RHSA-2024_2883

RHSA-2024_2888

RHSA-2024_2913

RHSA-2024_3783

RHSA-2024_3784

RLSA-2024:2888

RLSA-2024:3783

RLSA-2024:3784

RLSA-2024_2888

RLSA-2024_3783

RLSA-2024_3784

SUSE-SU-2024:1676-1

SUSE-SU-2024:1770-1

SUSE-SU-2024:1858-1

SUSE-SU-2024_1676-1

SUSE-SU-2024_1770-1

SUSE-SU-2024_1858-1

USN-6779-1

USN-6779-2

USN-6782-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Confluence

Firefox

Firefox Esr

Linuxmint

Pdf.Js

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

CVE-2024-4367

Weakness Enumeration

Related Identifiers

Affected Products

References · 2254