Vulnerability CVE-2024-1553: Information

Description

Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-1553
Published: Feb. 20, 2024
Modified: March 4, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus123.0-alt1127.0-alt1ALT-PU-2024-2933-1341362Fixed
firefoxsisyphus_riscv64123.0-alt0.port126.0-alt0.portALT-PU-2024-3300-1-Fixed
firefoxsisyphus_loongarch64123.0-alt1.0.port126.0-alt1.0.portALT-PU-2024-3000-1-Fixed
firefoxp11123.0-alt1126.0.1-alt1ALT-PU-2024-2933-1341362Fixed
firefox-esrsisyphus115.8.0-alt1115.11.0-alt1ALT-PU-2024-2827-2341225Fixed
firefox-esrsisyphus_loongarch64115.8.0-alt1115.11.0-alt1ALT-PU-2024-2999-1-Fixed
firefox-esrp10115.8.0-alt1115.11.0-alt1ALT-PU-2024-2835-2341263Fixed
firefox-esrc10f1115.8.0-alt0.c10.1115.9.1-alt0.c10.1ALT-PU-2024-3614-2340631Fixed
firefox-esrp11115.8.0-alt1115.11.0-alt1ALT-PU-2024-2827-2341225Fixed
thunderbirdsisyphus115.8.0-alt1115.9.0-alt1ALT-PU-2024-2870-2341315Fixed
thunderbirdsisyphus_loongarch64115.8.0-alt1115.9.0-alt1ALT-PU-2024-3069-1-Fixed
thunderbirdp10115.8.1-alt1115.9.0-alt1ALT-PU-2024-3860-2342581Fixed
thunderbirdc10f1115.8.1-alt0.c10.1115.9.0-alt0.c10.1ALT-PU-2024-4748-2343092Fixed
thunderbirdp11115.8.0-alt1115.9.0-alt1ALT-PU-2024-2870-2341315Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
    https://www.mozilla.org/security/advisories/mfsa2024-05/
      https://www.mozilla.org/security/advisories/mfsa2024-06/
        https://www.mozilla.org/security/advisories/mfsa2024-07/
          https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html
            https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.5.3
              Back to top