PT-2024-5881 · Mozilla+10 · Thunderbird+12

Irvan Kurniawan

Published

2024-07-09

Updated

2025-03-14

CVE-2024-6603

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 128 Firefox ESR versions prior to 115.13 Thunderbird versions prior to 115.13 Thunderbird versions prior to 128

Description The issue is related to memory corruption that can occur in an out-of-memory scenario, where an allocation failure is followed by a call to free on the pointer, leading to potential damage. This can be exploited by a remote attacker to execute arbitrary code. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For Firefox versions prior to 128, update to version 128 or later. For Firefox ESR versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 128, update to version 128 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-823CWE-119

Related Identifiers

ALSA-2024:4500

ALSA-2024:4517

ALSA-2024:4624

ALSA-2024:4635

ALT-PU-2024-13895

ALT-PU-2024-13897

ALT-PU-2024-13898

ALT-PU-2024-14780

ALT-PU-2024-14892

ALT-PU-2024-15087

ALT-PU-2024-15175

ALT-PU-2024-15839

ALT-PU-2024-15840

ALT-PU-2024-15841

BDU:2024-06674

CESA-2024_4517

CESA-2024_4635

CVE-2024-6603

DSA-5727-1

DSA-5733-1

INFSA-2024_4500

INFSA-2024_4517

INFSA-2024_4624

INFSA-2024_4635

MGASA-2024-0269

MGASA-2024-0274

OESA-2025-1258

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:14189-1

OPENSUSE-SU-2024:14197-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_3003-1

OPENSUSE-SU-2024_3507-1

RHSA-2024:4500

RHSA-2024:4501

RHSA-2024:4508

RHSA-2024:4517

RHSA-2024:4586

RHSA-2024:4590

RHSA-2024:4610

RHSA-2024:4624

RHSA-2024:4625

RHSA-2024:4634

RHSA-2024:4635

RHSA-2024:4670

RHSA-2024:4671

RHSA-2024:4673

RHSA-2024:4717

RHSA-2024:4718

RHSA-2024:4894

RHSA-2024_4500

RHSA-2024_4517

RHSA-2024_4624

RHSA-2024_4635

RLSA-2024:4500

RLSA-2024:4624

RLSA-2024:4635

ROSA-SA-2025-2563

SUSE-SU-2024:2371-1

SUSE-SU-2024:2399-1

SUSE-SU-2024:2790-1

SUSE-SU-2024:2876-1

SUSE-SU-2024:3003-1

SUSE-SU-2024:3507-1

USN-6890-1

USN-6903-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2024-5881 · Mozilla+10 · Thunderbird+12

CVE-2024-6603

Weakness Enumeration

Related Identifiers

Affected Products

References · 2170