Vulnerability CVE-2024-3864: Information

Description

Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-3864
Published: April 16, 2024
Modified: April 24, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus125.0.1-alt1125.0.3-alt1ALT-PU-2024-6765-2345346Fixed
firefoxsisyphus_loongarch64125.0.1-alt1.0.port125.0.3-alt1.0.portALT-PU-2024-7109-1-Fixed
firefox-esrsisyphus115.10.0-alt1115.10.0-alt1ALT-PU-2024-6719-2344912Fixed
firefox-esrsisyphus_loongarch64115.10.0-alt1115.10.0-alt1ALT-PU-2024-6794-1-Fixed
firefox-esrp10115.10.0-alt1115.10.0-alt1ALT-PU-2024-6721-3345277Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
    https://www.mozilla.org/security/advisories/mfsa2024-18/
      https://www.mozilla.org/security/advisories/mfsa2024-19/
        https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
          https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
            https://www.mozilla.org/security/advisories/mfsa2024-20/
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.5.0
              Back to top