Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-6602

Опубликовано: 09 июл. 2024
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

The Mozilla Foundation Security Advisory describes this flaw as: A mismatch between allocator and deallocator could have lead to memory corruption.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Firefox and Thunderbird in Red Hat Enterprise Linux 8.8 and later are not affected by this vulnerability, as they use the system NSS library. Firefox and Thunderbird in earlier Red Hat Enterprise Linux 8 extended life streams were affected, and should be updated to fixed versions as they become available.

Меры по смягчению последствий

Currently, no mitigation is available for this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6nssOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7firefoxOut of support scope
Red Hat Enterprise Linux 7nssOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected
Red Hat Enterprise Linux 9firefoxNot affected
Red Hat Enterprise Linux 9thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2296637Mozilla: Memory corruption in NSS

EPSS

Процентиль: 75%
0.00834
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-6602

CVSS3: 9.8
ubuntu
больше 1 года назад

A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

nvd логотип

CVE-2024-6602

CVSS3: 9.8
nvd
больше 1 года назад

A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

debian логотип

CVE-2024-6602

CVSS3: 9.8
debian
больше 1 года назад

A mismatch between allocator and deallocator could have led to memory ...

github логотип

GHSA-v6r5-wp7h-cj77

CVSS3: 9.8
github
больше 1 года назад

A mismatch between allocator and deallocator could have lead to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.

fstec логотип

BDU:2024-06675

CVSS3: 6.1
fstec
больше 1 года назад

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с неправильным ограничением операций в пределах буфера памяти, позволяющая нарушителю оказать влияние на работу системы

EPSS

Процентиль: 75%
0.00834
Низкий

6.1 Medium

CVSS3