CVE-2024-2616 — Out-of-bounds Write in Mozilla Firefox ESR

CWE-787 — Out-of-bounds Write9 documents8 sources

Severity

2.7LOWNVD

EPSS

0.0%

top 87.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox ESR Mozilla Thunderbird Mozilla Firefox

Timeline

PublishedMar 19

Latest updateMar 26

Description

To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 1.2 | Impact: 1.4

Affected Packages5 packages

▶NVDmozilla/firefox< 115.9.0

▶CVEListV5mozilla/firefox_esrunspecified — 115.9

▶CVEListV5mozilla/thunderbirdunspecified — 115.9

▶NVDmozilla/thunderbird< 115.9.0

▶Debianmozilla/thunderbird< 1:115.9.0-1~deb11u1+3

🔴Vulnerability Details

CVEList

CVE-2024-2616: To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue↗2024-03-19

▶

OSV

CVE-2024-2616: To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue↗2024-03-19

▶

GHSA

GHSA-r78f-49fx-h798: To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue↗2024-03-19

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2024-03-26

▶

Red Hat

Mozilla: Improve handling of out-of-memory conditions in ICU↗2024-03-19

▶

Debian

CVE-2024-2616: firefox-esr - To harden ICU against exploitation, the behavior for out-of-memory conditions wa...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-14: CVE-2024-2616↗

▶

Mozilla

Mozilla Foundation Security Advisory 2024-13: CVE-2024-2616↗

▶