CVE-2024-7526

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1910306	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-33/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-34/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-35/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-37/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-38/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:firefox_esr:128.0:::::::*
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird:128.0.1:::::::*

History

17 Sep 2024, 19:15

Type	Values Removed	Values Added
Summary	(en) ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.	(en) ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

12 Aug 2024, 16:07

Type	Values Removed	Values Added
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1910306 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1910306 - Issue Tracking, Permissions Required
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-33/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-33/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-34/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-34/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-35/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-35/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-37/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-37/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-38/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-38/ - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox_esr:128.0:::::::* cpe:2.3:a:mozilla:firefox_esr:::::::: cpe:2.3:a:mozilla:thunderbird:::::::: cpe:2.3:a:mozilla:thunderbird:128.0.1:::::::*
First Time		Mozilla firefox Mozilla firefox Esr Mozilla thunderbird Mozilla

07 Aug 2024, 21:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-908
Summary		(es) ANGLE no pudo inicializar los parámetros, lo que provocó la lectura desde la memoria no inicializada. Esto podría aprovecharse para filtrar datos confidenciales de la memoria. Esta vulnerabilidad afecta a Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1 y Thunderbird < 115.14.

06 Aug 2024, 23:16

Type	Values Removed	Values Added
References		() https://www.mozilla.org/security/advisories/mfsa2024-37/ - () https://www.mozilla.org/security/advisories/mfsa2024-38/ -
Summary	(en) ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.	(en) ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

06 Aug 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-06 13:15

Updated : 2024-09-17 19:15

NVD link : CVE-2024-7526

Mitre link : CVE-2024-7526

CVE.ORG link : CVE-2024-7526

JSON object : View

Products Affected

mozilla

firefox
thunderbird
firefox_esr

CWE

CWE-908

Use of Uninitialized Resource

6.5 /10