CVE-2024-10468

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

04 Nov 2024, 13:29

Type Values Removed Values Added
First Time Mozilla thunderbird
Mozilla firefox
Mozilla
CWE CWE-362
CPE cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 5.3
Summary
  • (es) Posibles condiciones de carrera en IndexedDB podrían haber causado daños en la memoria, lo que podría provocar un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox &lt; 132 y Thunderbird &lt; 132.
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1914982 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1914982 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2024-55/ - () https://www.mozilla.org/security/advisories/mfsa2024-55/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-59/ - () https://www.mozilla.org/security/advisories/mfsa2024-59/ - Vendor Advisory

29 Oct 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-770

29 Oct 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-29 13:15

Updated : 2024-11-04 13:29


NVD link : CVE-2024-10468

Mitre link : CVE-2024-10468

CVE.ORG link : CVE-2024-10468


JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-770

Allocation of Resources Without Limits or Throttling