Vulnerability CVE-2024-3302: Information
Description
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Published: April 16, 2024
Modified: April 24, 2024
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
firefox | sisyphus | 125.0.1-alt1 | 125.0.3-alt1 | ALT-PU-2024-6765-2 | 345346 | Fixed |
firefox | sisyphus_loongarch64 | 125.0.1-alt1.0.port | 125.0.3-alt1.0.port | ALT-PU-2024-7109-1 | - | Fixed |
firefox-esr | sisyphus | 115.10.0-alt1 | 115.10.0-alt1 | ALT-PU-2024-6719-2 | 344912 | Fixed |
firefox-esr | sisyphus_loongarch64 | 115.10.0-alt1 | 115.10.0-alt1 | ALT-PU-2024-6794-1 | - | Fixed |
firefox-esr | p10 | 115.10.0-alt1 | 115.10.0-alt1 | ALT-PU-2024-6721-3 | 345277 | Fixed |
palemoon | sisyphus | 33.1.0-alt1 | 33.0.2-alt1 | ALT-PU-2024-7489-2 | 347518 | Fixed |