CVE-2024-0741Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds Write15 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
49.1%
top 2.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedJan 23
Latest updateMar 4

Description

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified122
NVDmozilla/firefox< 122.0
CVEListV5mozilla/firefox_esrunspecified115.7
NVDmozilla/firefox_esr< 115.7
Ubuntumozilla/firefox< 122.0.1+build1-0ubuntu0.20.04.1+1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

6
OSV
thunderbird vulnerabilities2024-03-04
OSV
firefox regressions2024-02-07
OSV
firefox vulnerabilities2024-01-29
CVEList
CVE-2024-0741: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash2024-01-23
GHSA
GHSA-h59p-5475-hhmr: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash2024-01-23

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2024-03-04
Ubuntu
Firefox vulnerabilities2024-01-29
Red Hat
Mozilla: Out of bounds write in ANGLE2024-01-23
Microsoft
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderb2024-01-09
Debian
CVE-2024-0741: firefox - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory...2024
CVE-2024-0741 — Out-of-bounds Write in Mozilla Firefox | cvebase