CVE-2024-8394: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This…

CVE-2024-8394 [MEDIUM] CWE-416 thunderbird: Crash when aborting verification of OTR chat thunderbird: Crash when aborting verification of OTR chat When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising eas

CVE-2024-8394 [MEDIUM] CVE-2024-8394: thunderbird - When aborting the verification of an OTR chat session, an attacker could have ca... When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:128.2.0esr-1) sid: resolved (fixed in 1:128.2.0esr-1) trixie: resolved (fixed in 1:128.2.0esr-1)

CVE-2024-8394 [MEDIUM] Mozilla Foundation Security Advisory 2024-43: CVE-2024-8394 Mozilla Foundation Security Advisory 2024-43 CVE: CVE-2024-8394 Product: Thunderbird Impact: high Fixed in: Thunderbird 128.2

CVE-2024-8394 [MEDIUM] CVE-2024-8394: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.

CVE-2024-8394 [MEDIUM] CWE-416 GHSA-688v-74jq-v222: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.

CVE-2024-26875 [MEDIUM] CVE-2024-26875 kernel: media: pvrusb2: fix uaf in pvr2_context_set_notify CVE-2024-26875 kernel: media: pvrusb2: fix uaf in pvr2_context_set_notify In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify The Linux kernel CVE team has assigned CVE-2024-26875 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024041739-CVE-2024-26875-8394@gregkh/T Discussion: Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2275702] --- The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-26875 is: CHECK Maybe valid. Check manually. with impact LOW (that is an approximation based on flags READ KASAN USB INIT RACE UAF ; these flags parsed automatically based on patch data). Such automatic check happens only for Low/Moderates (and