CVE-2024-11705
published 2024-11-26
critical·9.1·CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
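The pattern described above, as an added example that is not NSS code and not taken from the advisory: an optional output pointer written unconditionally, next to a form that writes it only when present. Every name, constant and mechanism id below is hypothetical and constructed for illustration.

```c
#include <stddef.h>

/* Hypothetical stand-ins, NOT the PKCS#11 or NSS definitions. */
typedef unsigned long toy_handle_t;
typedef unsigned long toy_rv_t;
#define TOY_OK             0UL
#define TOY_ARGUMENTS_BAD  7UL
#define TOY_INVALID_HANDLE 0UL

/* Constructed mechanism ids: one returns a key handle, the other returns
 * its result through the mechanism parameter and needs no handle. */
enum toy_mech { TOY_MECH_HANDLE_OUT = 1, TOY_MECH_PARAM_OUT = 2 };

struct toy_param_out { toy_handle_t derived; };

/* "Before": writes through phKey unconditionally, so a NULL phKey faults
 * even for a mechanism where NULL is a legal argument. */
toy_rv_t toy_derive_unchecked(enum toy_mech m, struct toy_param_out *out,
                              toy_handle_t *phKey)
{
    *phKey = TOY_INVALID_HANDLE;          /* NULL dereference happens here */
    if (m == TOY_MECH_PARAM_OUT) { out->derived = 42; return TOY_OK; }
    *phKey = 42;
    return TOY_OK;
}

/* "After": touch phKey only when it is non-NULL, and reject NULL only for
 * mechanisms that must hand back a key handle. */
toy_rv_t toy_derive_checked(enum toy_mech m, struct toy_param_out *out,
                            toy_handle_t *phKey)
{
    if (phKey != NULL)
        *phKey = TOY_INVALID_HANDLE;
    switch (m) {
    case TOY_MECH_PARAM_OUT:
        if (out == NULL) return TOY_ARGUMENTS_BAD;
        out->derived = 42;                /* constructed handle value */
        return TOY_OK;
    case TOY_MECH_HANDLE_OUT:
        if (phKey == NULL) return TOY_ARGUMENTS_BAD;
        *phKey = 42;
        return TOY_OK;
    }
    return TOY_ARGUMENTS_BAD;             /* unknown mechanism id */
}
```

The checked form returns an error code instead of crashing the host process, and still accepts NULL where the mechanism does not produce a handle.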
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 134.0-1 (sid) | firefox 134.0-1 (sid) |
| mozilla | firefox | < 133.0 | 133.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 133.0+build2-0ubuntu0.20.04.1 | 133.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 133 | 133 |
| mozilla | thunderbird | < 133.0 | 133.0 |
| mozilla | thunderbird | >= unspecified < 133 | 133 |
CVSS provenance
nvd·v3.1·9.1·CRITICAL·CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv·9.1·CRITICAL
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-12-03·CVSS 4.3
CVE-2024-11692 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)
Instructions: After a standard system update you need to restart Firefox to make all the
necessary changes
Red Hat
firefox: thunderbird: Null Pointer Dereference in NSC_DeriveKey
vendor_redhat·2024-11-26·CVSS 9.1
CVE-2024-11705 [CRITICAL] CWE-125 firefox: thunderbird: Null Pointer Dereference in NSC_DeriveKey
`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain m
Debian
CVE-2024-11705: firefox - `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-N...
vendor_debian·2024·CVSS 9.1
CVE-2024-11705 [CRITICAL] CVE-2024-11705: firefox - `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-N...
`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Scope: local
sid: resolved (fixed in 134.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-67: CVE-2024-11705
vendor_mozilla·CVSS 9.1
CVE-2024-11705 [CRITICAL] Mozilla Foundation Security Advisory 2024-67: CVE-2024-11705
Mozilla Foundation Security Advisory 2024-67
CVE: CVE-2024-11705
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 133
Mozilla
Mozilla Foundation Security Advisory 2024-63: CVE-2024-11705
vendor_mozilla·CVSS 9.1
CVE-2024-11705 [CRITICAL] Mozilla Foundation Security Advisory 2024-63: CVE-2024-11705
Mozilla Foundation Security Advisory 2024-63
CVE: CVE-2024-11705
Product: Firefox
Impact: high
Fixed in: Firefox 133
OSV
firefox vulnerabilities
osv·2024-12-03·CVSS 4.3
CVE-2024-11692 [MEDIUM] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)
OSV
CVE-2024-11705: `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL
osv·2024-11-26·CVSS 9.1
CVE-2024-11705 [CRITICAL] CVE-2024-11705: `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL
`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA
GHSA-h43c-gg33-qj9g: `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL
ghsa_unreviewed·2024-11-26
CVE-2024-11705 [CRITICAL] CWE-476 GHSA-h43c-gg33-qj9g: `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL
`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Published 2024-11-26