CVE-2024-5700Access of Memory Location Before Start of Buffer in Mozilla Firefox

CWE-786Access of Memory Location Before Start of BufferCWE-788Access of Memory Location After End of BufferCWE-120Classic Buffer OverflowCWE-266Incorrect Privilege Assignment14 documents9 sources
Severity
7.0HIGHNVD
OSV8.1
EPSS
0.2%
top 61.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedJun 11
Latest updateJul 3

Description

Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified127
NVDmozilla/firefox< 115.12+1
CVEListV5mozilla/firefox_esrunspecified115.12
Ubuntumozilla/firefox< 127.0.2+build1-0ubuntu0.20.04.1
CVEListV5mozilla/thunderbirdunspecified115.12

🔴Vulnerability Details

5
OSV
firefox vulnerabilities2024-07-03
OSV
thunderbird vulnerabilities2024-06-19
GHSA
GHSA-pq6v-hjqm-frww: Memory safety bugs present in Firefox 126, Firefox ESR 1152024-06-11
OSV
CVE-2024-5700: Memory safety bugs present in Firefox 126, Firefox ESR 1152024-06-11
CVEList
CVE-2024-5700: Memory safety bugs present in Firefox 126, Firefox ESR 1152024-06-11

📋Vendor Advisories

8
Ubuntu
Firefox vulnerabilities2024-07-03
Ubuntu
Thunderbird vulnerabilities2024-06-19
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.122024-06-11
Cisco
Cisco IOS XR Software SSH Privilege Escalation Vulnerability2024-03-13
Debian
CVE-2024-5700: firefox - Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 1...2024
CVE-2024-5700 — Mozilla Firefox vulnerability | cvebase