Description
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
The Mozilla Foundation Security Advisory describes this flaw as:
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser.
Statement
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
Red Hat Enterprise Linux 9 | firefox-flatpak-container | Affected | ||
Red Hat Enterprise Linux 9 | thunderbird-flatpak-container | Affected | ||
Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2024:1910 | 18.04.2024 |
Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2024:1935 | 22.04.2024 |
Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2024:1912 | 18.04.2024 |
Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2024:1939 | 22.04.2024 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | firefox | Fixed | RHSA-2024:1904 | 18.04.2024 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | thunderbird | Fixed | RHSA-2024:1934 | 22.04.2024 |
Additional information
Status:
EPSS
3.7 Low
CVSS3