CVE-2024-10466: Uncontrolled Resource Consumption in Mozilla Firefox

Severity: 7.5 HIGH (NVD)
EPSS: 0.7% (top 28.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 29; latest update Feb 2

Description

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (7 packages)

CVEListV5  mozilla/firefox  unspecified  132
NVD  mozilla/firefox  < 128.4.0  +1
CVEListV5  mozilla/firefox_esr  unspecified  128.4
CVEListV5  mozilla/thunderbird  unspecified  128.4  +1
NVD  mozilla/thunderbird  129.0  132.0  +1

Vulnerability Details (4)

OSV: firefox vulnerabilities (2024-10-31)
GHSA: GHSA-4wjh-chq6-qh88: By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive (2024-10-29)
OSV: CVE-2024-10466: By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive (2024-10-29)
CVEList: CVE-2024-10466: By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive (2024-10-29)

Vendor Advisories (8)

Ubuntu: Thunderbird vulnerabilities (2026-02-02)
Ubuntu: Firefox vulnerabilities (2024-10-31)
Red Hat: firefox: DOM push subscription message could hang Firefox (2024-10-29)
Debian: CVE-2024-10466: firefox - By sending a specially crafted push message, a remote server could have hung the... (2024)
Mozilla: Mozilla Foundation Security Advisory 2024-56: CVE-2024-10466
CVE-2024-10466 — Uncontrolled Resource Consumption | cvebase