CVE-2024-10464: Out-of-bounds Read in Mozilla Firefox

Severity
6.5 MEDIUM (NVD)
OSV: 7.5
EPSS: 0.5% (top 33.05%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 29
Latest update: Feb 2

Description

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (7 packages)

CVEListV5 | mozilla/firefox | unspecified | 132
NVD | mozilla/firefox | < 128.4.0 | +1
CVEListV5 | mozilla/firefox_esr | unspecified | 128.4
CVEListV5 | mozilla/thunderbird | unspecified | 128.4 | +1
NVD | mozilla/thunderbird | 129.0 | 132.0 | +1

🔴 Vulnerability Details (4)

OSV: firefox vulnerabilities (2024-10-31)
GHSA: GHSA-r2v5-q2jv-5cff: Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser (2024-10-29)
OSV: CVE-2024-10464: Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser (2024-10-29)
CVEList: CVE-2024-10464: Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser (2024-10-29)

📋 Vendor Advisories (8)

Ubuntu: Thunderbird vulnerabilities (2026-02-02)
Ubuntu: Firefox vulnerabilities (2024-10-31)
Red Hat: firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (2024-10-29)
Debian: CVE-2024-10464: firefox - Repeated writes to history interface attributes could have been used to cause a ... (2024)
Mozilla: Mozilla Foundation Security Advisory 2024-56: CVE-2024-10464