csaf_opensuse - opensuse-su-2024:14250-1

OPENSUSE-SU-2024:14250-1

Vulnerability from csaf_opensuse - Published: 2024-08-09 00:00 - Updated: 2024-08-09 00:00

Summary

MozillaThunderbird-115.14.0-1.1 on GA media

Notes

Title of the patch

MozillaThunderbird-115.14.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the MozillaThunderbird-115.14.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-14250

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "MozillaThunderbird-115.14.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the MozillaThunderbird-115.14.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-14250",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14250-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-7519 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-7519/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-7521 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-7521/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-7522 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-7522/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-7525 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-7525/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-7526 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-7526/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-7527 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-7527/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-7529 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-7529/"
      }
    ],
    "title": "MozillaThunderbird-115.14.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-08-09T00:00:00Z",
      "generator": {
        "date": "2024-08-09T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:14250-1",
      "initial_release_date": "2024-08-09T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-08-09T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-115.14.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-115.14.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-115.14.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-common-115.14.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-other-115.14.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-115.14.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-115.14.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-115.14.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-115.14.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-115.14.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-115.14.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-common-115.14.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-other-115.14.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-115.14.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-115.14.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-115.14.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-115.14.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-115.14.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-115.14.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-115.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-115.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-115.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-115.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-115.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-115.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-115.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-115.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-115.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-115.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-115.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-115.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-115.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-115.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-115.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7519",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-7519"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-7519",
          "url": "https://www.suse.com/security/cve/CVE-2024-7519"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228648 for CVE-2024-7519",
          "url": "https://bugzilla.suse.com/1228648"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-08-09T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-7519"
    },
    {
      "cve": "CVE-2024-7521",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-7521"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-7521",
          "url": "https://www.suse.com/security/cve/CVE-2024-7521"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228648 for CVE-2024-7521",
          "url": "https://bugzilla.suse.com/1228648"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-08-09T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-7521"
    },
    {
      "cve": "CVE-2024-7522",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-7522"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-7522",
          "url": "https://www.suse.com/security/cve/CVE-2024-7522"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228648 for CVE-2024-7522",
          "url": "https://bugzilla.suse.com/1228648"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-08-09T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-7522"
    },
    {
      "cve": "CVE-2024-7525",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-7525"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-7525",
          "url": "https://www.suse.com/security/cve/CVE-2024-7525"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228648 for CVE-2024-7525",
          "url": "https://bugzilla.suse.com/1228648"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-08-09T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-7525"
    },
    {
      "cve": "CVE-2024-7526",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-7526"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-7526",
          "url": "https://www.suse.com/security/cve/CVE-2024-7526"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228648 for CVE-2024-7526",
          "url": "https://bugzilla.suse.com/1228648"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-08-09T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-7526"
    },
    {
      "cve": "CVE-2024-7527",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-7527"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-7527",
          "url": "https://www.suse.com/security/cve/CVE-2024-7527"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228648 for CVE-2024-7527",
          "url": "https://bugzilla.suse.com/1228648"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-08-09T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-7527"
    },
    {
      "cve": "CVE-2024-7529",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-7529"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-7529",
          "url": "https://www.suse.com/security/cve/CVE-2024-7529"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228648 for CVE-2024-7529",
          "url": "https://bugzilla.suse.com/1228648"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.14.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-08-09T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-7529"
    }
  ]
}

CVE-2024-7526 (GCVE-0-2024-7526)

Vulnerability from cvelistv5 – Published: 2024-08-06 12:38 – Updated: 2024-09-17 18:14

Summary

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Uninitialized memory used by WebGL

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1910306
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 129 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 115.14 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.14 (custom)

Credits

s48gs.w

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "129",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox_esr",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thunderbird",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-7526",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T20:50:27.888118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:54:02.143Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "129",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "s48gs.w"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
            }
          ],
          "value": "ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Uninitialized memory used by WebGL",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T18:14:47.411Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1910306"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-34/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-38/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-7526",
    "datePublished": "2024-08-06T12:38:14.456Z",
    "dateReserved": "2024-08-05T23:30:13.451Z",
    "dateUpdated": "2024-09-17T18:14:47.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7527 (GCVE-0-2024-7527)

Vulnerability from cvelistv5 – Published: 2024-08-06 12:38 – Updated: 2025-03-18 19:05

Summary

Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Use-after-free in JavaScript garbage collection

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1871303
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 129 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 115.14 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.14 (custom)

Credits

Norisz Fay

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "129",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox_esr",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thunderbird",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-7527",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T15:19:12.802827Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T19:05:01.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "129",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Norisz Fay"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
            }
          ],
          "value": "Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free in JavaScript garbage collection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T22:21:45.319Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871303"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-34/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-38/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-7527",
    "datePublished": "2024-08-06T12:38:14.698Z",
    "dateReserved": "2024-08-05T23:30:16.029Z",
    "dateUpdated": "2025-03-18T19:05:01.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7519 (GCVE-0-2024-7519)

Vulnerability from cvelistv5 – Published: 2024-08-06 12:38 – Updated: 2024-08-07 20:49

Summary

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Out of bounds memory access in graphics shared memory handling

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1902307
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 129 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 115.14 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.14 (custom)

Credits

dalmurino

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "129",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox_esr",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-7519",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T20:42:21.352822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:49:22.889Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "129",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "dalmurino"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
            }
          ],
          "value": "Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds memory access in graphics shared memory handling",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T22:21:41.535Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1902307"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-34/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-38/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-7519",
    "datePublished": "2024-08-06T12:38:12.854Z",
    "dateReserved": "2024-08-05T23:29:56.115Z",
    "dateUpdated": "2024-08-07T20:49:22.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7521 (GCVE-0-2024-7521)

Vulnerability from cvelistv5 – Published: 2024-08-06 12:38 – Updated: 2024-08-07 20:58

Summary

Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Incomplete WebAssembly exception handing

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1904644
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 129 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 115.14 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.14 (custom)

Credits

Nils Bars

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "129",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox_esr",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thunderbird",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-7521",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T13:47:49.424097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-755",
                "description": "CWE-755 Improper Handling of Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:58:56.811Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "129",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nils Bars"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
            }
          ],
          "value": "Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incomplete WebAssembly exception handing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T22:21:42.664Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1904644"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-34/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-38/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-7521",
    "datePublished": "2024-08-06T12:38:13.406Z",
    "dateReserved": "2024-08-05T23:30:00.850Z",
    "dateUpdated": "2024-08-07T20:58:56.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7529 (GCVE-0-2024-7529)

Vulnerability from cvelistv5 – Published: 2024-08-06 12:38 – Updated: 2024-08-07 20:55

Summary

The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

Document content could partially obscure security prompts

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1903187
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 129 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 115.14 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.14 (custom)

Credits

Hafiizh

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "129",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox_esr",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thunderbird",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "114.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-7529",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T13:32:01.203965Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-451",
                "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:55:22.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "129",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hafiizh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
            }
          ],
          "value": "The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Document content could partially obscure security prompts",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T22:21:46.397Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1903187"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-34/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-38/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-7529",
    "datePublished": "2024-08-06T12:38:15.245Z",
    "dateReserved": "2024-08-05T23:30:20.798Z",
    "dateUpdated": "2024-08-07T20:55:22.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7525 (GCVE-0-2024-7525)

Vulnerability from cvelistv5 – Published: 2024-08-06 12:38 – Updated: 2024-08-06 22:21

Summary

It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

Missing permission check when creating a StreamFilter

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1909298
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 129 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 115.14 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.14 (custom)

Credits

Rob Wu

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "129",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox_esr",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-7525",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T19:11:59.565244Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:27:30.486Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "129",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Rob Wu"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "It was possible for a web extension with minimal permissions to create a \u003ccode\u003eStreamFilter\u003c/code\u003e which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
            }
          ],
          "value": "It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing permission check when creating a StreamFilter",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T22:21:43.959Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909298"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-34/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-38/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-7525",
    "datePublished": "2024-08-06T12:38:14.195Z",
    "dateReserved": "2024-08-05T23:30:11.298Z",
    "dateUpdated": "2024-08-06T22:21:43.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7522 (GCVE-0-2024-7522)

Vulnerability from cvelistv5 – Published: 2024-08-06 12:38 – Updated: 2024-08-08 16:02

Summary

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE

Out of bounds read in editor component

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1906727
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 129 (custom)

Mozilla	Firefox ESR	Affected: unspecified , < 115.14 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 128.1 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.14 (custom)

Credits

Irvan Kurniawan

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "129",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox_esr",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thunderbird",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "128.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "115.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-7522",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T15:56:53.271108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T16:02:54.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "129",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Irvan Kurniawan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
            }
          ],
          "value": "Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox \u003c 129, Firefox ESR \u003c 115.14, Firefox ESR \u003c 128.1, Thunderbird \u003c 128.1, and Thunderbird \u003c 115.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds read in editor component",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T22:21:43.311Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1906727"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-34/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-38/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-7522",
    "datePublished": "2024-08-06T12:38:13.630Z",
    "dateReserved": "2024-08-05T23:30:03.058Z",
    "dateUpdated": "2024-08-08T16:02:54.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

OPENSUSE-SU-2024:14250-1

CVE-2024-7526 (GCVE-0-2024-7526)

CVE-2024-7527 (GCVE-0-2024-7527)

CVE-2024-7519 (GCVE-0-2024-7519)

CVE-2024-7521 (GCVE-0-2024-7521)

CVE-2024-7529 (GCVE-0-2024-7529)

CVE-2024-7525 (GCVE-0-2024-7525)

CVE-2024-7522 (GCVE-0-2024-7522)

Tags

Sightings

Nomenclature