gsd-2024-2608
Vulnerability from gsd
Modified
2024-04-02 05:02
Details
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Aliases


To clipboard 

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-2608"
      ],
      "details": "`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
      "id": "GSD-2024-2608",
      "modified": "2024-04-02T05:02:53.399629Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2024-2608",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "124"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "115.9"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "115.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Ronald Crane"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Integer overflow could have led to out of bounds write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1880692",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1880692"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-12/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-13/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
          },
          {
            "lang": "es",
            "value": "`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` y `AppendEncodedCharacters()` podr\u00edan haber experimentado desbordamientos de enteros, lo que provoc\u00f3 una asignaci\u00f3n insuficiente de un b\u00fafer de salida, lo que provoc\u00f3 una escritura fuera de los l\u00edmites. Esta vulnerabilidad afecta a Firefox \u0026lt; 124, Firefox ESR \u0026lt; 115.9 y Thunderbird \u0026lt; 115.9."
          }
        ],
        "id": "CVE-2024-2608",
        "lastModified": "2024-03-25T17:15:51.783",
        "metrics": {},
        "published": "2024-03-19T12:15:08.843",
        "references": [
          {
            "source": "security@mozilla.org",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1880692"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
          }
        ],
        "sourceIdentifier": "security@mozilla.org",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.