CVE-2024-7519

{"id": "CVE-2024-7519", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-08-06T13:15:57.040", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1902307", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-33/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-34/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-35/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-37/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-38/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14."}, {"lang": "es", "value": "Las comprobaciones insuficientes al procesar la memoria compartida de gr\u00e1ficos podr\u00edan haber provocado da\u00f1os en la memoria. Un atacante podr\u00eda aprovechar esto para realizar un escape de la zona de pruebas. Esta vulnerabilidad afecta a Firefox &lt; 129, Firefox ESR &lt; 115.14, Firefox ESR &lt; 128.1, Thunderbird &lt; 128.1 y Thunderbird &lt; 115.14."}], "lastModified": "2024-08-12T16:04:20.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12C9ABF7-3B44-4C24-B152-488DCF9E2D39", "versionEndExcluding": "129.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95A2A856-7C7A-46A3-A2B5-967E63D7083A", "versionEndExcluding": "115.14.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:128.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE7D7BC3-F9A8-42D3-8C60-464457B7B2CC"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86167092-2071-4D6B-8CBC-F5C13923D7A8", "versionEndExcluding": "115.14.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:128.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65FE0D69-95D3-4440-8DE5-141510B64C20"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}