CVE-2024-5702 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free12 documents9 sources

Severity

7.5HIGHNVD

OSV8.1

EPSS

0.7%

top 27.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedJun 11

Latest updateJun 19

Description

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5mozilla/firefoxunspecified — 125

▶NVDmozilla/firefox< 115.12+1

▶CVEListV5mozilla/firefox_esrunspecified — 115.12

▶CVEListV5mozilla/thunderbirdunspecified — 115.12

▶NVDmozilla/thunderbird< 115.12

🔴Vulnerability Details

OSV

thunderbird vulnerabilities↗2024-06-19

▶

OSV

CVE-2024-5702: Memory corruption in the networking stack could have led to a potentially exploitable crash↗2024-06-11

▶

CVEList

CVE-2024-5702: Memory corruption in the networking stack could have led to a potentially exploitable crash↗2024-06-11

▶

GHSA

GHSA-gc3q-f2fq-g2xq: Memory corruption in the networking stack could have led to a potentially exploitable crash↗2024-06-11

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2024-06-19

▶

Microsoft

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.↗2024-06-11

▶

Red Hat

Mozilla: Use-after-free in networking↗2024-06-11

▶

Debian

CVE-2024-5702: firefox-esr - Memory corruption in the networking stack could have led to a potentially exploi...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-18: CVE-2024-5702↗

▶