CVE-2024-1557
Multiple vulnerabilities exist in Mozilla Firefox, Mozilla Firefox ESR and Mozilla Thunderbird. These flaws are present in several functions and modules and stem from multiple security-relevant problems, such as out-of-bounds memory reads, cache poisoning, invalid memory access or incorrect code generation. A remote, anonymous attacker can exploit these vulnerabilities to execute arbitrary code, disclose confidential information, bypass security measures or carry out an unspecified attack. Successful exploitation requires user interaction.
EPSS 0.37% · 59.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux | |
| Mozilla | Mozilla Firefox ESR | <115.8 |
| Mozilla | Mozilla Firefox | <123 |
| Fedora | Fedora Linux | |
| SUSE | SUSE openSUSE | |
| IGEL | IGEL OS 12 | |
| IGEL | IGEL OS 11 | |
| SUSE | SUSE Linux | |
| Mozilla | Mozilla Thunderbird | <115.8 |
| Open Source | Open Source CentOS | |
| Gentoo | Gentoo Linux | |
| Debian | Debian Linux | |
| Amazon | Amazon Linux 2 | |
| Ubuntu | Ubuntu Linux | |
| RESF | RESF Rocky Linux | |
| Oracle | Oracle Linux | |
Timeline
- Feb 20, 2024 CVE Published
- Feb 21, 2024 EPSS Score
- Mar 19, 2024 EPSS Score
- Apr 14, 2024 EPSS Score
- May 11, 2024 EPSS Score
- Jun 7, 2024 EPSS Score
- Jul 3, 2024 EPSS Score
- Jul 30, 2024 EPSS Score
- Aug 12, 2024 CVE Updated
- Aug 30, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0443.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0443 advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-05 advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-06 advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-07 advisory
- https://lists.debian.org/debian-security-announce/2024/msg00034.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/017979.html advisory
- https://ubuntu.com/security/notices/USN-6649-1 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-81863a1613 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-5361211b10 advisory
- https://access.redhat.com/errata/RHSA-2024:0952 advisory
- https://access.redhat.com/errata/RHSA-2024:0970 advisory
- https://linux.oracle.com/errata/ELSA-2024-0952.html advisory
- https://access.redhat.com/errata/RHSA-2024:0972 advisory
- https://access.redhat.com/errata/RHSA-2024:0955 advisory
- https://lists.debian.org/debian-security-announce/2024/msg00037.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/018005.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/018006.html advisory
- https://access.redhat.com/errata/RHSA-2024:0957 advisory
- https://access.redhat.com/errata/RHSA-2024:0958 advisory
…and 31 more