VDB
CNVD-2024-12552
CNVD-2024-12552
PUBLISHED
CVSS 7.5 HIGH
Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox存在越界读取漏洞,该漏洞源于当在网络通道上存储和重新访问数据时,缓冲区的长度可能会被混淆,攻击者可利用该漏洞获取敏感信息或导致浏览器崩溃。
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | unspecified |
| Mozilla | Firefox ESR | unspecified |
| mozilla | thunderbird | 0 |
| mozilla | firefox | 0 |
| Mozilla | Thunderbird | unspecified |
| mozilla | firefox_esr | 0 |
Timeline
- Feb 20, 2024 CVE Published
- Feb 20, 2024 PoC Published
- Feb 21, 2024 PoC Published
- Mar 1, 2024 CVE ID Reserved
- Mar 8, 2024 PoC Published
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1843752 url
- https://www.mozilla.org/security/advisories/mfsa2024-05/ url
- https://www.mozilla.org/security/advisories/mfsa2024-06/ url
- https://www.mozilla.org/security/advisories/mfsa2024-07/ url
- https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html url
- https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html url