PT-2024-6063 · Mozilla+10 · Thunderbird+12

Irvan Kurniawan

Published

2024-05-14

Updated

2025-03-14

CVE-2024-4770

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 126 Firefox ESR versions prior to 115.11 Thunderbird versions prior to 115.11

Description The issue is related to a potential use-after-free crash when saving a page to PDF, due to certain font styles. This could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For Firefox versions prior to 126, update to version 126 or later. For Firefox ESR versions prior to 115.11, update to version 115.11 or later. For Thunderbird versions prior to 115.11, update to version 115.11 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:2883

ALSA-2024:2888

ALSA-2024:3783

ALSA-2024:3784

ALT-PU-2024-10126

ALT-PU-2024-10593

ALT-PU-2024-13897

ALT-PU-2024-14442

ALT-PU-2024-14892

ALT-PU-2024-15175

ALT-PU-2024-15839

ALT-PU-2024-15841

ALT-PU-2024-7772

ALT-PU-2024-7980

ALT-PU-2024-7982

BDU:2024-06887

CESA-2024_3783

CESA-2024_3784

CVE-2024-4770

DLA-3815-1

DLA-3817-1

DSA-5691-1

DSA-5693-1

INFSA-2024_2883

INFSA-2024_2888

INFSA-2024_3783

INFSA-2024_3784

MGASA-2024-0189

MGASA-2024-0191

OESA-2024-1953

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:13980-1

OPENSUSE-SU-2024:13981-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_1770-1

OPENSUSE-SU-2024_1858-1

RHSA-2024:2881

RHSA-2024:2882

RHSA-2024:2883

RHSA-2024:2884

RHSA-2024:2885

RHSA-2024:2886

RHSA-2024:2887

RHSA-2024:2888

RHSA-2024:2903

RHSA-2024:2904

RHSA-2024:2905

RHSA-2024:2906

RHSA-2024:2911

RHSA-2024:2912

RHSA-2024:2913

RHSA-2024:3338

RHSA-2024:3783

RHSA-2024:3784

RHSA-2024_2881

RHSA-2024_2883

RHSA-2024_2888

RHSA-2024_2913

RHSA-2024_3783

RHSA-2024_3784

RLSA-2024:2888

RLSA-2024:3783

RLSA-2024:3784

SUSE-SU-2024:1676-1

SUSE-SU-2024:1770-1

SUSE-SU-2024:1858-1

USN-6779-1

USN-6779-2

USN-6782-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2024-6063 · Mozilla+10 · Thunderbird+12

CVE-2024-4770

Weakness Enumeration

Related Identifiers

Affected Products

References · 2175