PT-2024-4427 · Mozilla+9 · Thunderbird+10

Dan Minor

Published

2024-03-19

Updated

2025-03-14

CVE-2024-2616

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 115.9 Thunderbird versions prior to 115.9

Description The issue is related to incorrect clearing or release of resources, potentially allowing a remote attacker to impact the confidentiality, availability, and integrity of protected information. The behavior for out-of-memory conditions was changed to crash instead of attempting to continue, in order to harden against exploitation.

Recommendations For Firefox ESR versions prior to 115.9, update to version 115.9 or later. For Thunderbird versions prior to 115.9, update to version 115.9 or later.

Fix

Memory Corruption

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-404

Related Identifiers

ALSA-2024:1484

ALSA-2024:1485

ALT-PU-2024-4963

ALT-PU-2024-4971

ALT-PU-2024-4973

ALT-PU-2024-5117

ALT-PU-2024-6027

ALT-PU-2024-6213

BDU:2024-04929

CESA-2024_1484

CESA-2024_1486

CVE-2024-2616

DLA-3769-1

DLA-3775-1

DSA-5643-1

DSA-5644-1

MGASA-2024-0092

MGASA-2024-0094

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:13789-1

RHSA-2024:1483

RHSA-2024:1484

RHSA-2024:1485

RHSA-2024:1486

RHSA-2024:1487

RHSA-2024:1488

RHSA-2024:1489

RHSA-2024:1490

RHSA-2024:1491

RHSA-2024_1484

RHSA-2024_1485

RHSA-2024_1486

RLSA-2024:1484

SUSE-SU-2024:0971-1

SUSE-SU-2024:1002-1

SUSE-SU-2024:1147-1

USN-6717-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox Esr

Linuxmint

Red Hat

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2024-4427 · Mozilla+9 · Thunderbird+10

CVE-2024-2616

Weakness Enumeration

Related Identifiers

Affected Products

References · 311