PT-2024-4637 · Mozilla+10 · Thunderbird+12

Lukas Bernhard

Published

2024-06-11

Updated

2025-03-14

CVE-2024-5688

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 127 Firefox ESR versions prior to 115.12 Thunderbird versions prior to 115.12

Description: The issue is related to a use-after-free condition that could occur during object transplant in JavaScript, potentially allowing a remote attacker to execute arbitrary code or cause a denial of service. This is due to the garbage collection mechanism being triggered at a specific time, leading to the use-after-free condition.

Recommendations: For Firefox versions prior to 127, update to version 127 or later to resolve the issue. For Firefox ESR versions prior to 115.12, update to version 115.12 or later to resolve the issue. For Thunderbird versions prior to 115.12, update to version 115.12 or later to resolve the issue.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:3954

ALSA-2024:3955

ALSA-2024:4002

ALSA-2024:4036

ALT-PU-2024-10126

ALT-PU-2024-10593

ALT-PU-2024-13895

ALT-PU-2024-13897

ALT-PU-2024-13898

ALT-PU-2024-14780

ALT-PU-2024-14892

ALT-PU-2024-15087

ALT-PU-2024-15175

ALT-PU-2024-15839

ALT-PU-2024-15840

ALT-PU-2024-15841

BDU:2024-05145

CESA-2024_3954

CESA-2024_4036

CVE-2024-5688

DLA-3825-1

DLA-3836-1

DSA-5709-1

DSA-5711-1

INFSA-2024_3954

INFSA-2024_3955

INFSA-2024_4002

INFSA-2024_4036

MGASA-2024-0222

MGASA-2024-0231

OESA-2024-1939

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:14044-1

OPENSUSE-SU-2024:14049-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_2061-1

RHSA-2024:3949

RHSA-2024:3950

RHSA-2024:3951

RHSA-2024:3952

RHSA-2024:3953

RHSA-2024:3954

RHSA-2024:3955

RHSA-2024:3958

RHSA-2024:3972

RHSA-2024:4001

RHSA-2024:4002

RHSA-2024:4003

RHSA-2024:4004

RHSA-2024:4015

RHSA-2024:4016

RHSA-2024:4018

RHSA-2024:4036

RHSA-2024:4063

RHSA-2024_3951

RHSA-2024_3954

RHSA-2024_3955

RHSA-2024_4002

RHSA-2024_4016

RHSA-2024_4036

RLSA-2024:3954

RLSA-2024:3955

RLSA-2024:4002

RLSA-2024:4036

SUSE-SU-2024:2012-1

SUSE-SU-2024:2061-1

SUSE-SU-2024:2073-1

SUSE-SU-2024:2371-1

SUSE-SU-2024:2399-1

SUSE-SU-2024_2012-1

SUSE-SU-2024_2061-1

SUSE-SU-2024_2371-1

SUSE-SU-2024_2399-1

USN-6840-1

USN-6862-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2024-4637 · Mozilla+10 · Thunderbird+12

CVE-2024-5688

Weakness Enumeration

Related Identifiers

Affected Products

References · 2190