PT-2024-6716 · Mozilla+10 · Firefox Esr+12

Damien Schaeffer · Published 2024-03-25 · Updated 2026-04-22 · CVE-2024-9680

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 128.3.1 ESR through 131.0.2
Mozilla Thunderbird versions 128.3.1 through 128.4.2
Description
The reported issue is a use-after-free vulnerability in Mozilla Firefox and Thunderbird that could allow arbitrary code execution. It affects Firefox versions 128.3.1 ESR and later, and Thunderbird versions 128.3.1 and later. Multiple security issues were discovered in both applications.
Recommendations
Mozilla Firefox versions 128.3.1 ESR through 131.0.2: Upgrade to the latest version.
Mozilla Thunderbird versions 128.3.1 through 128.4.2: Upgrade to the latest version.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2024:7958
ALSA-2024:7977
ALSA-2024:8024
ALSA-2024:8025
ALSA-2024:9552
ALSA-2024:9554
ALSA-2024_1484
ALSA-2024_1485
ALSA-2024_1493
ALSA-2024_1494
ALSA-2024_1908
ALSA-2024_1912
ALSA-2024_1939
ALSA-2024_1940
ALSA-2024_7958
ALSA-2024_7977
ALSA-2024_8024
ALSA-2024_8025
ALSA-2024_9552
ALSA-2024_9554
ALSA-2025_16880
ALT-PU-2024-13895
ALT-PU-2024-13898
ALT-PU-2024-14780
ALT-PU-2024-14892
ALT-PU-2024-15087
ALT-PU-2024-15091
ALT-PU-2024-15175
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-07929
CESA-2024_7977
CESA-2024_8024
CVE-2024-9680
DLA-3914-1
DLA-3916-1
DSA-5788-1
DSA-5789-1
ELSA-2024-7958
ELSA-2024-7977
ELSA-2024-8024
ELSA-2024-8025
ELSA-2024-8034
ELSA-2024-9552
ELSA-2024-9554
INFSA-2024_7958
INFSA-2024_7977
INFSA-2024_8024
INFSA-2024_8025
INFSA-2024_9552
INFSA-2024_9554
MGASA-2024-0331
MGASA-2024-0334
MGASA-2024-0336
OESA-2024-2241
OESA-2025-1265
OESA-2025-1268
OESA-2025-1835
OPENSUSE-SU-2024:14393-1
OPENSUSE-SU-2024:14394-1
OPENSUSE-SU-2024:14397-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3614-1
OPENSUSE-SU-2024_3629-1
OPENSUSE-SU-2024_3731-1
RHSA-2024:7958
RHSA-2024:7977
RHSA-2024:8024
RHSA-2024:8025
RHSA-2024:8026
RHSA-2024:8027
RHSA-2024:8028
RHSA-2024:8029
RHSA-2024:8030
RHSA-2024:8031
RHSA-2024:8032
RHSA-2024:8033
RHSA-2024:8034
RHSA-2024:8131
RHSA-2024:8166
RHSA-2024:8167
RHSA-2024:8176
RHSA-2024:9552
RHSA-2024:9554
RHSA-2024_7958
RHSA-2024_7977
RHSA-2024_8024
RHSA-2024_8025
RHSA-2024_9552
RHSA-2024_9554
RLSA-2024:7958
RLSA-2024:7977
RLSA-2024:8024
RLSA-2024:8025
RLSA-2024_7958
RLSA-2024_7977
RLSA-2024_8024
RLSA-2024_8025
SUSE-SU-2024:3603-1
SUSE-SU-2024:3614-1
SUSE-SU-2024:3629-1
SUSE-SU-2024:3731-1
SUSE-SU-2024_3603-1
SUSE-SU-2024_3614-1
SUSE-SU-2024_3629-1
SUSE-SU-2024_3731-1
USN-7065-1
USN-7066-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox Esr
Linuxmint
Firefox
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu