CVE-2024-10467 — Out-of-bounds Write in Mozilla Firefox

Vendor	Product	Version range	Fixed in
debian	firefox	< firefox 132.0-1 (sid)	firefox 132.0-1 (sid)
debian	firefox-esr	< firefox 132.0-1 (sid)	firefox 132.0-1 (sid)
debian	thunderbird	< firefox 132.0-1 (sid)	firefox 132.0-1 (sid)
mozilla	firefox	< 128.4.0	128.4.0
mozilla	firefox	< 132.0	132.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 132.0+build1-0ubuntu0.20.04.1	132.0+build1-0ubuntu0.20.04.1
mozilla	firefox	>= unspecified < 132	132
mozilla	firefox_esr	>= unspecified < 128.4	128.4
mozilla	thunderbird	< 128.4.0	128.4.0
mozilla	thunderbird	>= 0 < 1:128.4.0esr-1~deb11u1	1:128.4.0esr-1~deb11u1
mozilla	thunderbird	>= 0 < 1:128.4.0esr-1~deb12u1	1:128.4.0esr-1~deb12u1
mozilla	thunderbird	>= 0 < 1:128.4.0esr-1	1:128.4.0esr-1
mozilla	thunderbird	>= 0 < 1:128.4.0esr-1	1:128.4.0esr-1
mozilla	thunderbird	>= 129.0 < 132.0	132.0
mozilla	thunderbird	>= unspecified < 128.4	128.4
mozilla	thunderbird	>= unspecified < 132	132

Ubuntu

Thunderbird vulnerabilities

vendor_ubuntu·2026-02-02

CVE-2025-8031 Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Instructions: In general, a standard system update will make all the necessary changes.

Ubuntu

Firefox vulnerabilities

vendor_ubuntu·2024-10-31·CVSS 7.5

CVE-2024-10459 [HIGH] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-10458 CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466, CVE-2024-10467, CVE-2024-10468) Instructions: After a standard system update you need to restart Firefox to make all the necessary changes.

Red Hat

firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4

vendor_redhat·2024-10-29·CVSS 8.8

CVE-2024-10467 [HIGH] CWE-120 firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to

Debian

CVE-2024-10467: firefox - Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 12...

vendor_debian·2024·CVSS 8.8

CVE-2024-10467 [HIGH] CVE-2024-10467: firefox - Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 12... Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. Scope: local sid: resolved (fixed in 132.0-1)

Mozilla

Mozilla Foundation Security Advisory 2024-55: CVE-2024-10467

vendor_mozilla·CVSS 8.8

CVE-2024-10467 [HIGH] Mozilla Foundation Security Advisory 2024-55: CVE-2024-10467 Mozilla Foundation Security Advisory 2024-55 CVE: CVE-2024-10467 Product: Firefox Impact: moderate Fixed in: Firefox 132

Mozilla

Mozilla Foundation Security Advisory 2024-56: CVE-2024-10467

vendor_mozilla·CVSS 8.8

CVE-2024-10467 [HIGH] Mozilla Foundation Security Advisory 2024-56: CVE-2024-10467 Mozilla Foundation Security Advisory 2024-56 CVE: CVE-2024-10467 Product: Firefox ESR Impact: moderate Fixed in: Firefox ESR 128.4

Mozilla

Mozilla Foundation Security Advisory 2024-59: CVE-2024-10467

vendor_mozilla·CVSS 8.8

CVE-2024-10467 [HIGH] Mozilla Foundation Security Advisory 2024-59: CVE-2024-10467 Mozilla Foundation Security Advisory 2024-59 CVE: CVE-2024-10467 Product: Thunderbird Impact: moderate Fixed in: Thunderbird 132

Mozilla

Mozilla Foundation Security Advisory 2024-58: CVE-2024-10467

vendor_mozilla·CVSS 8.8

CVE-2024-10467 [HIGH] Mozilla Foundation Security Advisory 2024-58: CVE-2024-10467 Mozilla Foundation Security Advisory 2024-58 CVE: CVE-2024-10467 Product: Thunderbird Impact: moderate Fixed in: Thunderbird 128.4

OSV

firefox vulnerabilities

osv·2024-10-31·CVSS 7.5

CVE-2024-10458 [HIGH] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-10458 CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466, CVE-2024-10467, CVE-2024-10468)

OSV

CVE-2024-10467: Memory safety bugs present in Firefox 131, Firefox ESR 128

osv·2024-10-29·CVSS 8.8

CVE-2024-10467 [HIGH] CVE-2024-10467: Memory safety bugs present in Firefox 131, Firefox ESR 128 Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

GHSA

GHSA-9v98-vwhg-6x24: Memory safety bugs present in Firefox 131, Firefox ESR 128

ghsa_unreviewed·2024-10-29

CVE-2024-10467 [CRITICAL] CWE-120 GHSA-9v98-vwhg-6x24: Memory safety bugs present in Firefox 131, Firefox ESR 128 Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVE-2024-10467: Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume…

Affected

CVSS provenance