CVE-2024-3864

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3864
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVSS

No CVSS.

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1888333 Issue Tracking Exploit Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1888333 Issue Tracking Exploit Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html Mailing List
https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html Mailing List
https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html Mailing List
https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html Mailing List
https://www.mozilla.org/security/advisories/mfsa2024-18/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-18/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-19/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-19/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-20/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-20/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

01 Apr 2025, 17:39

Type Values Removed Values Added
References () https://www.mozilla.org/security/advisories/mfsa2024-18/ - () https://www.mozilla.org/security/advisories/mfsa2024-18/ - Vendor Advisory
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1888333 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1888333 - Issue Tracking, Exploit, Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html - () https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html - Mailing List
References () https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html - () https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html - Mailing List
References () https://www.mozilla.org/security/advisories/mfsa2024-19/ - () https://www.mozilla.org/security/advisories/mfsa2024-19/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-20/ - () https://www.mozilla.org/security/advisories/mfsa2024-20/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
First Time Mozilla thunderbird
Debian debian Linux
Mozilla firefox
Debian
Mozilla

24 Apr 2024, 10:15

Type Values Removed Values Added
References
  • () https://www.mozilla.org/security/advisories/mfsa2024-20/ -
Summary Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10. Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

22 Apr 2024, 10:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html -

19 Apr 2024, 11:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html -

16 Apr 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-16 16:15

Updated : 2025-04-01 17:39

NVD link : CVE-2024-3864

Mitre link : CVE-2024-3864

JSON object : View

Products Affected

debian

  • debian_linux

mozilla

  • firefox
  • thunderbird
CWE

No CWE.