CVE-2024-10464

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Configurations

Configuration 1

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

04 Nov 2024, 13:30

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://bugzilla.mozilla.org/show_bug.cgi?id=1913000 | https://bugzilla.mozilla.org/show_bug.cgi?id=1913000 - Issue Tracking, Permissions Required |
| References | https://www.mozilla.org/security/advisories/mfsa2024-55/ | https://www.mozilla.org/security/advisories/mfsa2024-55/ - Vendor Advisory |
| References | https://www.mozilla.org/security/advisories/mfsa2024-56/ | https://www.mozilla.org/security/advisories/mfsa2024-56/ - Vendor Advisory |
| References | https://www.mozilla.org/security/advisories/mfsa2024-58/ | https://www.mozilla.org/security/advisories/mfsa2024-58/ - Vendor Advisory |
| References | https://www.mozilla.org/security/advisories/mfsa2024-59/ | https://www.mozilla.org/security/advisories/mfsa2024-59/ - Vendor Advisory |
| CPE | | cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*; cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*; cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* |
| CVSS | v2 : unknown; v3 : 7.5 | v2 : unknown; v3 : 6.5 |
| First Time | | Mozilla thunderbird; Mozilla firefox; Mozilla |
| Summary | | (es) Repeated writes to the history interface attributes could have been used to cause a denial of service condition in the browser. This was fixed by introducing rate limiting in this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4 and Thunderbird < 132. |

29 Oct 2024, 15:35

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.5 |
| CWE | | CWE-125 |

29 Oct 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-29 13:15

Updated : 2024-11-04 13:30


NVD link : CVE-2024-10464

Mitre link : CVE-2024-10464

CVE.ORG link : CVE-2024-10464



Products Affected

mozilla

  • firefox
  • thunderbird
CWE
CWE-125

Out-of-bounds Read