CVE-2024-9396 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents8 sources
Severity
8.8HIGHNVD
OSV9.8
EPSS
0.2%
top 60.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 1
Latest updateFeb 2
Description
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages7 packages
🔴Vulnerability Details
4CVEList▶
CVE-2024-9396: It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corr↗2024-10-01
GHSA▶
GHSA-667m-43f5-gwwr: It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corr↗2024-10-01
OSV▶
CVE-2024-9396: It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corr↗2024-10-01
📋Vendor Advisories
8Red Hat
▶
Debian▶
CVE-2024-9396: firefox - It is currently unknown if this issue is exploitable but a condition may arise w...↗2024