CVE-2024-10459 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free13 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedOct 29

Latest updateOct 31

Description

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5mozilla/firefoxunspecified — 132

▶NVDmozilla/firefox116.0 — 128.4.0+2

▶CVEListV5mozilla/firefox_esrunspecified — 128.4+1

▶Ubuntumozilla/firefox< 132.0+build1-0ubuntu0.20.04.1

▶CVEListV5mozilla/thunderbirdunspecified — 128.4+1

🔴Vulnerability Details

OSV

firefox vulnerabilities↗2024-10-31

▶

CVEList

CVE-2024-10459: An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash↗2024-10-29

▶

OSV

CVE-2024-10459: An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash↗2024-10-29

▶

GHSA

GHSA-77hv-rqc3-4gm6: An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash↗2024-10-29

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2024-10-31

▶

Red Hat

firefox: thunderbird: Use-after-free in layout with accessibility↗2024-10-29

▶

Debian

CVE-2024-10459: firefox - An attacker could have caused a use-after-free when accessibility was enabled, l...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-59: CVE-2024-10459↗

▶

Mozilla

Mozilla Foundation Security Advisory 2024-57: CVE-2024-10459↗

▶