CVE-2024-2605 — Mozilla Firefox vulnerability

11 documents9 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 44.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedMar 19

Latest updateApr 17

Description

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5mozilla/firefoxunspecified — 124

▶NVDmozilla/firefox< 115.9.0+1

▶CVEListV5mozilla/firefox_esrunspecified — 115.9

▶CVEListV5mozilla/thunderbirdunspecified — 115.9

▶NVDmozilla/thunderbird< 115.9.0

🔴Vulnerability Details

GHSA

GHSA-pwwp-85rf-2286: An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox↗2024-03-19

▶

CVEList

CVE-2024-2605: An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox↗2024-03-19

▶

OSV

CVE-2024-2605: An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox↗2024-03-19

▶

📋Vendor Advisories

Red Hat

Mozilla: Windows Error Reporter could be used as a Sandbox escape vector↗2024-03-19

▶

Microsoft

▶

Debian

CVE-2024-2605: firefox - An attacker could have leveraged the Windows Error Reporter to run arbitrary cod...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-12: CVE-2024-2605↗

▶

Mozilla

Mozilla Foundation Security Advisory 2024-14: CVE-2024-2605↗

▶

💬Community

Bugzilla

CVE-2024-26862 kernel: packet: annotate data-races around ignore_outgoing↗2024-04-17

▶