PT-2024-5750 · Mozilla+9 · Thunderbird+11

Jason Kratzer

·

Published

2024-08-06

·

Updated

2024-12-27

·

CVE-2024-7528

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 129 Firefox ESR versions prior to 128.1 Thunderbird versions prior to 128.1
Description The issue is related to incorrect garbage collection interaction in IndexedDB, which could lead to a use-after-free condition. This allows a remote attacker to potentially execute arbitrary code.
Recommendations For Firefox versions prior to 129, update to version 129 or later. For Firefox ESR versions prior to 128.1, update to version 128.1 or later. For Thunderbird versions prior to 128.1, update to version 128.1 or later.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:5322
ALSA-2024:5391
ALSA-2024:5392
ALSA-2024:5402
ALT-PU-2024-13895
ALT-PU-2024-13897
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-06463
CESA-2024_5391
CESA-2024_5402
CVE-2024-7528
INFSA-2024_5322
INFSA-2024_5391
INFSA-2024_5392
INFSA-2024_5402
MGASA-2024-0325
MGASA-2024-0332
MGASA-2024-0334
OPENSUSE-SU-2024:14260-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3003-1
OPENSUSE-SU-2024_3507-1
RHSA-2024:5322
RHSA-2024:5323
RHSA-2024:5324
RHSA-2024:5325
RHSA-2024:5326
RHSA-2024:5327
RHSA-2024:5328
RHSA-2024:5329
RHSA-2024:5391
RHSA-2024:5392
RHSA-2024:5393
RHSA-2024:5394
RHSA-2024:5395
RHSA-2024:5396
RHSA-2024:5402
RHSA-2024:5527
RHSA-2024:5528
RHSA-2024_5322
RHSA-2024_5391
RHSA-2024_5392
RHSA-2024_5402
SUSE-SU-2024:2876-1
SUSE-SU-2024:3003-1
SUSE-SU-2024:3507-1
USN-6966-1
USN-6966-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu