CVE-2024-6604

HIGH

Firefox < 128 and ESR < 115.13 - Memory Corruption

Title source: llm
STIX 2.1

Description

Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Scores

CVSS v3 7.5
EPSS 0.0054
EPSS Percentile 41.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-120
Status published
Products (3)
mozilla/firefox < 115.13
mozilla/firefox < 126.0
mozilla/thunderbird < 115.13
Published Jul 09, 2024
Tracked Since Feb 18, 2026