CVE-2024-3302: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the…

CVE-2024-3852 [LOW] firefox regressions firefox regressions USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization

CVE-2024-2609 [MEDIUM] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-2609, CVE-2024-3852, CVE-2024-3864) Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Lukas Bernhard discovered that Thunderbird did not properly manage memory during JIT optimisations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denia

CVE-2024-3852 [LOW] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-3853) Lukas Bernhard discovered

CVE-2024-3302 [LOW] CVE-2024-3302: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2024-3302 [LOW] CWE-770 GHSA-p6gp-c388-p4cr: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.

[LOW] Firefox regressions Title: Firefox regressions Summary: USN-6747-1 caused some minor regressions in Firefox. USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly man

CVE-2024-3861 [MEDIUM] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-2609, CVE-2024-3852, CVE-2024-3864) Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Lukas Bernhard discovered that Thunderbird did not properly manage memory during JIT optimisations, leading to an out-of-bounds read vulne

CVE-2024-3853 [LOW] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or ex

CVE-2024-3302 [LOW] CWE-400 Mozilla: Denial of Service using HTTP/2 CONTINUATION frames Mozilla: Denial of Service using HTTP/2 CONTINUATION frames There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat Enterprise Linux 6)

CVE-2024-3302 [LOW] CVE-2024-3302: firefox - There was no limit to the number of HTTP/2 CONTINUATION frames that would be pro... There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Scope: local sid: resolved (fixed in 125.0.1-1)

CVE-2024-3302 [LOW] Mozilla Foundation Security Advisory 2024-19: CVE-2024-3302 Mozilla Foundation Security Advisory 2024-19 CVE: CVE-2024-3302 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 115.10

CVE-2024-3302 [LOW] Mozilla Foundation Security Advisory 2024-20: CVE-2024-3302 Mozilla Foundation Security Advisory 2024-20 CVE: CVE-2024-3302 Product: Thunderbird Impact: high Fixed in: Thunderbird 115.10

CVE-2024-3302 [LOW] Mozilla Foundation Security Advisory 2024-18: CVE-2024-3302 Mozilla Foundation Security Advisory 2024-18 CVE: CVE-2024-3302 Product: Firefox Impact: high Fixed in: Firefox 125

[VU#421644] Possible OOM DOS attack via Http2 CONTINUATION frames [VU#421644] Possible OOM DOS attack via Http2 CONTINUATION frames There's no limit on the number of Continuation Header frames we'll append to a header, even past the maximum size. This could be leveraged by an evil server to OOM a client. There may be a few variations; see the linked bug. Discussion: I suggest that we could utilize the existing preference (`network.http.max_response_header_size`, set at 384K) as the maximum limit for the size of received headers in HTTP/2. When reviewing the [telemetry probe data](https://sql.telemetry.mozilla.org/queries/98474/source#243189), it appears that the value of [mAggregatedHeaderSize](https://searchfox.org/mozilla-central/rev/b73676a106c1655030bb876fd5e0a6825aee6044/netwerk/protocol/http/Http2Session.cpp#1492) is smaller than this limit, ind