CVE-2024-4777 — Out-of-bounds Write in Mozilla Firefox

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	firefox	< firefox 126.0-1 (sid)	firefox 126.0-1 (sid)
debian	firefox-esr	< firefox 126.0-1 (sid)	firefox 126.0-1 (sid)
debian	thunderbird	< firefox 126.0-1 (sid)	firefox 126.0-1 (sid)
mozilla	firefox	< 115.11.0	115.11.0
mozilla	firefox	< 126.0	126.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 126.0+build2-0ubuntu0.20.04.1	126.0+build2-0ubuntu0.20.04.1
mozilla	firefox	>= 0 < 126.0.1+build1-0ubuntu0.20.04.1	126.0.1+build1-0ubuntu0.20.04.1
mozilla	firefox	>= unspecified < 126	126
mozilla	firefox_esr	>= unspecified < 115.11	115.11
mozilla	thunderbird	< 115.11.0	115.11.0
mozilla	thunderbird	>= 0 < 1:115.11.0-1~deb11u1	1:115.11.0-1~deb11u1
mozilla	thunderbird	>= 0 < 1:115.11.0-1~deb12u1	1:115.11.0-1~deb12u1
mozilla	thunderbird	>= 0 < 1:115.11.0-1	1:115.11.0-1
mozilla	thunderbird	>= 0 < 1:115.11.0-1	1:115.11.0-1
mozilla	thunderbird	>= 0 < 1:115.11.0+build2-0ubuntu0.20.04.1	1:115.11.0+build2-0ubuntu0.20.04.1
mozilla	thunderbird	>= 0 < 1:115.11.0+build2-0ubuntu0.22.04.1	1:115.11.0+build2-0ubuntu0.22.04.1
mozilla	thunderbird	>= unspecified < 115.11	115.11
msrc	azl3_mozjs_102.15.1-1_on_azure_linux_3.0	—	—

OSV

firefox regressions

osv·2024-05-29·CVSS 8.8

CVE-2024-4767 [HIGH] firefox regressions firefox regressions USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778) Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of

OSV

thunderbird vulnerabilities

osv·2024-05-22·CVSS 8.8

CVE-2024-4767 [HIGH] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4777) Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367) Irvan Kurniawan discovered that Thunderbird did not properly handle certain font styles when saving a page to PDF. An attacker could potentially exploit this issu

OSV

firefox vulnerabilities

osv·2024-05-21·CVSS 8.8

CVE-2024-4767 [HIGH] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778) Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-4764) Thomas Rinsma discovered that Firefox did not properly handle type check when handling fonts in

OSV

CVE-2024-4777: Memory safety bugs present in Firefox 125, Firefox ESR 115

osv·2024-05-14·CVSS 8.8

CVE-2024-4777 [HIGH] CVE-2024-4777: Memory safety bugs present in Firefox 125, Firefox ESR 115 Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

GHSA

GHSA-qchj-32cr-96w5: Memory safety bugs present in Firefox 125, Firefox ESR 115

ghsa_unreviewed·2024-05-14

CVE-2024-4777 [HIGH] CWE-416 GHSA-qchj-32cr-96w5: Memory safety bugs present in Firefox 125, Firefox ESR 115 Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Ubuntu

Firefox regressions

vendor_ubuntu·2024-05-29·CVSS 8.8

[HIGH] Firefox regressions Title: Firefox regressions Summary: USN-6779-1 caused some minor regressions in Firefox. USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778) Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers.

Ubuntu

Thunderbird vulnerabilities

vendor_ubuntu·2024-05-22·CVSS 8.8

CVE-2024-4767 [HIGH] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4777) Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367) Irvan Kurniawan discovered that Thunderbird did not properly handle certain font styles when s

Ubuntu

Firefox vulnerabilities

vendor_ubuntu·2024-05-21·CVSS 8.8

CVE-2024-4768 [HIGH] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778) Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-4764) Thomas Rinsma discovered that Fi

Red Hat

Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11

vendor_redhat·2024-05-14·CVSS 8.8

CVE-2024-4777 [HIGH] CWE-120 Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code. Statement: Red Hat P

Microsoft

Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these coul

vendor_msrc·2024-05-14·CVSS 7.5

CVE-2024-4777 [HIGH] CWE-787 Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these coul Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more inform

Debian

CVE-2024-4777: firefox - Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 1...

vendor_debian·2024·CVSS 8.8

CVE-2024-4777 [HIGH] CVE-2024-4777: firefox - Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 1... Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Scope: local sid: resolved (fixed in 126.0-1)

Mozilla

Mozilla Foundation Security Advisory 2024-23: CVE-2024-4777

vendor_mozilla·CVSS 8.8

CVE-2024-4777 [HIGH] Mozilla Foundation Security Advisory 2024-23: CVE-2024-4777 Mozilla Foundation Security Advisory 2024-23 CVE: CVE-2024-4777 Product: Thunderbird Impact: moderate Fixed in: Thunderbird 115.11

Mozilla

Mozilla Foundation Security Advisory 2024-22: CVE-2024-4777

vendor_mozilla·CVSS 8.8

CVE-2024-4777 [HIGH] Mozilla Foundation Security Advisory 2024-22: CVE-2024-4777 Mozilla Foundation Security Advisory 2024-22 CVE: CVE-2024-4777 Product: Firefox ESR Impact: moderate Fixed in: Firefox ESR 115.11

Mozilla

Mozilla Foundation Security Advisory 2024-21: CVE-2024-4777

vendor_mozilla·CVSS 8.8

CVE-2024-4777 [HIGH] Mozilla Foundation Security Advisory 2024-21: CVE-2024-4777 Mozilla Foundation Security Advisory 2024-21 CVE: CVE-2024-4777 Product: Firefox Impact: moderate Fixed in: Firefox 126

CVE-2024-4777: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume…

Affected

CVSS provenance