PT-2024-9961 · Mozilla+5 · Thunderbird+7

Ronald Crane · Published 2024-11-25 · Updated 2025-07-18 · CVE-2024-11704

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Firefox versions prior to 133
Thunderbird versions prior to 133
Firefox ESR versions prior to 128.7
Thunderbird versions prior to 128.7

Description: A double-free issue could occur in the sec_pkcs7_decoder_start_decrypt() function when handling an error path, potentially leading to memory corruption. This issue affects the confidentiality, integrity, and availability of protected information.

Recommendations:
For Firefox versions prior to 133, update to version 133 or later.
For Thunderbird versions prior to 133, update to version 133 or later.
For Firefox ESR versions prior to 128.7, update to version 128.7 or later.
For Thunderbird versions prior to 128.7, update to version 128.7 or later.
As a temporary workaround, consider disabling the sec_pkcs7_decoder_start_decrypt() function until a patch is available.

Fix

Double Free


Weakness Enumeration

Related Identifiers

ALT-PU-2024-16375
ALT-PU-2025-2230
ALT-PU-2025-2672
ALT-PU-2025-2842
ALT-PU-2025-3294
ALT-PU-2025-4001
ALT-PU-2025-7695
ALT-PU-2025-8904
BDU:2025-00073
CVE-2024-11704
DLA-4044-1
DLA-4045-1
DSA-5858-1
DSA-5861-1
MGASA-2025-0045
MGASA-2025-0048
OESA-2025-1835
OPENSUSE-SU-2024:14583-1
OPENSUSE-SU-2025:14727-1
OPENSUSE-SU-2025:14731-1
OPENSUSE-SU-2025_0374-1
OPENSUSE-SU-2025_0405-1
SUSE-SU-2025:0374-1
SUSE-SU-2025:0391-1
SUSE-SU-2025:0405-1
SUSE-SU-2025_0374-1
SUSE-SU-2025_0391-1
USN-7134-1

Affected Products

ALT Linux
Astra Linux
Firefox
Firefox ESR
Linux Mint
SUSE
Thunderbird
Ubuntu