CVE-2024-5702: Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12…

CVE-2024-5688 [HIGH] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.(CVE-2024-5688, CVE-2024-5690, CVE-2024-5696, CVE-2024-5700, CVE-2024-5702) Luan Herrera discovered that Thunderbird did not properly validate the X-Frame-Options header inside sandboxed iframe. An attacker could potentially exploit this issue to bypass sandbox restrictions to open a new window. (CVE-2024-5691) Kirtikumar Anandrao Ramchandani discovered that Thunderbird did

CVE-2024-5702 [HIGH] CWE-416 Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this. Mariner: Mariner mozilla: mozilla Customer Action Requ

CVE-2024-5702 [HIGH] CWE-416 Mozilla: Use-after-free in networking Mozilla: Use-after-free in networking Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: Memory corruption in the networking stack could have led to a potentially exploitable crash. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope

CVE-2024-5702 [HIGH] CVE-2024-5702: firefox-esr - Memory corruption in the networking stack could have led to a potentially exploi... Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. Scope: local bookworm: resolved (fixed in 115.12.0esr-1~deb12u1) bullseye: resolved (fixed in 115.12.0esr-1~deb11u1) forky: resolved (fixed in 115.12.0esr-1) sid: resolved (fixed in 115.12.0esr-1) trixie: resolved (fixed in 115.12.0esr-1)

CVE-2024-5702 [HIGH] Mozilla Foundation Security Advisory 2024-18: CVE-2024-5702 Mozilla Foundation Security Advisory 2024-18 CVE: CVE-2024-5702 Product: Firefox Impact: high Fixed in: Firefox 125

CVE-2024-5702 [HIGH] Mozilla Foundation Security Advisory 2024-26: CVE-2024-5702 Mozilla Foundation Security Advisory 2024-26 CVE: CVE-2024-5702 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 115.12

CVE-2024-5702 [HIGH] Mozilla Foundation Security Advisory 2024-28: CVE-2024-5702 Mozilla Foundation Security Advisory 2024-28 CVE: CVE-2024-5702 Product: Thunderbird Impact: high Fixed in: Thunderbird 115.12

CVE-2024-5688 [HIGH] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.(CVE-2024-5688, CVE-2024-5690, CVE-2024-5696, CVE-2024-5700, CVE-2024-5702) Luan Herrera discovered that Thunderbird did not properly validate the X-Frame-Options header inside sandboxed iframe. An attacker could potentially exploit this issue to bypass sandbox restrictions to open a new window. (CVE-2024-5691) Kirtikumar Anandrao Ramchandani discovered that Thunderbird did not properly track cross-origin tainting in Offscreen Canvas. An att

CVE-2024-5702 [HIGH] CVE-2024-5702: Memory corruption in the networking stack could have led to a potentially exploitable crash Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVE-2024-5702 [HIGH] CWE-416 GHSA-gc3q-f2fq-g2xq: Memory corruption in the networking stack could have led to a potentially exploitable crash Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125 and Firefox ESR < 115.12.