PT-2024-5882 · Mozilla+6 · Thunderbird+8

Ronald Crane

·

Published

2024-07-09

·

Updated

2025-03-20

·

CVE-2024-6602

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 128 Firefox ESR versions prior to 115.13 Thunderbird versions prior to 115.13 Thunderbird versions prior to 128
Description A mismatch between allocator and deallocator could have led to memory corruption. This issue is related to improper restriction of operations within the bounds of a memory buffer, which could allow a remote attacker to impact system performance.
Recommendations For Firefox versions prior to 128, update to version 128 or later. For Firefox ESR versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 128, update to version 128 or later.

Exploit

Fix

Code Injection

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-119

Related Identifiers

ALT-PU-2024-13895
ALT-PU-2024-13897
ALT-PU-2024-13898
ALT-PU-2024-14780
ALT-PU-2024-14892
ALT-PU-2024-15087
ALT-PU-2024-15175
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-06675
CVE-2024-6602
DLA-3937-1
DSA-5727-1
DSA-5733-1
DSA-5807-1
INFBA-2024_6680
MGASA-2024-0269
OESA-2024-1939
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:14189-1
OPENSUSE-SU-2024:14197-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3003-1
OPENSUSE-SU-2024_3507-1
RHSA-2024:4625
RHSA-2024:4670
RHSA-2024:4671
RHSA-2024:4717
RHSA-2024:4718
RHSA-2024:4894
SUSE-SU-2024:2371-1
SUSE-SU-2024:2399-1
SUSE-SU-2024:2790-1
SUSE-SU-2024:2876-1
SUSE-SU-2024:3003-1
SUSE-SU-2024:3507-1
USN-6890-1
USN-6903-1

Affected Products

Alt Linux
Astra Linux
Firefox
Firefox Esr
Linuxmint
Red Os
Suse
Thunderbird
Ubuntu