Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-10466

Опубликовано: 29 окт. 2024
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 9firefox-flatpak-containerAffected
Red Hat Enterprise Linux 9thunderbird-flatpak-containerAffected
Red Hat Enterprise Linux 7 Extended Lifecycle SupportfirefoxFixedRHSA-2024:872731.10.2024
Red Hat Enterprise Linux 8firefoxFixedRHSA-2024:872931.10.2024
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2024:879004.11.2024
Red Hat Enterprise Linux 8.2 Advanced Update SupportfirefoxFixedRHSA-2024:872431.10.2024
Red Hat Enterprise Linux 8.2 Advanced Update SupportthunderbirdFixedRHSA-2024:901607.11.2024

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2322438firefox: DOM push subscription message could hang Firefox

EPSS

Процентиль: 58%
0.00368
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVSS3: 7.5
ubuntu
8 месяцев назад

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 7.5
nvd
8 месяцев назад

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 7.5
debian
8 месяцев назад

By sending a specially crafted push message, a remote server could hav ...

CVSS3: 7.5
github
8 месяцев назад

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS3: 7.5
fstec
8 месяцев назад

Уязвимость веб-браузеров Firefox и Firefox ESR, почтового клиента Thunderbird, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 58%
0.00368
Низкий

4.3 Medium

CVSS3