CVE-2024-0743
Multiple vulnerabilities exist in Mozilla Firefox, Mozilla Firefox ESR and Mozilla Thunderbird. These flaws are present in several components and functions, such as the Windows Error Reporter or RSA encryption, and stem in part from several security-relevant issues such as an integer overflow or a use-after-free. A remote, anonymous attacker can exploit these vulnerabilities to execute arbitrary code, bypass security measures, cause a denial-of-service condition, disclose confidential information, escalate privileges, or carry out an unspecified attack. Successful exploitation requires user interaction.
EPSS 0.89% · 76.0th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| Mozilla | Mozilla Firefox | <124 |
| Xerox | Xerox FreeFlow Print Server v7 | |
| Oracle | Oracle Linux | |
| Mozilla | Mozilla Firefox ESR | <115.9 |
| Mozilla | Mozilla Firefox | <122 |
| IGEL | IGEL OS 12 | |
| Open Source | Open Source CentOS | |
| Fedora | Fedora Linux | |
| RESF | RESF Rocky Linux | |
| Red Hat | Red Hat Enterprise Linux | |
| Mozilla | Mozilla Thunderbird | <115.7 |
| Mozilla | Mozilla Thunderbird | <115.10 |
| Debian | Debian Linux | |
| SUSE | SUSE openSUSE | |
| IGEL | IGEL OS 11 | |
| Mozilla | Mozilla Thunderbird | <115.9 |
| Mozilla | Mozilla Firefox ESR | <115.7 |
| Xerox | Xerox FreeFlow Print Server v9 | |
| Amazon | Amazon Linux 2 | |
…and 2 more
Exploit Intelligence
- test_scrapers.py (github-poc)
Timeline
- Jan 23, 2024 CVE Published
- Jan 31, 2024 EPSS Score
- Feb 27, 2024 EPSS Score
- Mar 26, 2024 EPSS Score
- May 20, 2024 EPSS Score
- Jun 16, 2024 EPSS Score
- Jul 13, 2024 EPSS Score
- Aug 14, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 8, 2024 EPSS Score
- Nov 4, 2024 EPSS Score
- Dec 3, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0185.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0185 advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/ advisory
- https://lists.debian.org/debian-security-announce/2024/msg00013.html advisory
- https://lists.debian.org/debian-security-announce/2024/msg00012.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-January/017748.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-c8c2a52fb8 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-278a776610 advisory
- https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-January/017757.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-January/017758.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-January/017761.html advisory
- https://ubuntu.com/security/notices/USN-6610-1 advisory
- https://access.redhat.com/errata/RHSA-2024:0559 advisory
- https://access.redhat.com/errata/RHSA-2024:0605 advisory
- https://access.redhat.com/errata/RHSA-2024:0601 advisory
- https://access.redhat.com/errata/RHSA-2024:0608 advisory
- https://linux.oracle.com/errata/ELSA-2024-0603.html advisory
…and 118 more