INFSA-2024:4635: Mozilla Thunderbird security update
Information about definition
Identifier: INFSA-2024:4635
Type: security
Release date: 2024-08-23 19:06:53 UTC
Information about package
Mozilla Thunderbird is a standalone mail and newsgroup client.
Vulnerabilities description
- CVE-2024-6601
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
- CVE-2024-6603
In an out-of-memory scenario, an allocation could fail, but free would have been called on the pointer afterwards, leading to memory corruption.
- CVE-2024-6604
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-6601 | no information | 6.1 | no information |
NIST — CVE-2024-6603 | no information | 6.1 | no information |
NIST — CVE-2024-6604 | no information | 7.5 | no information |
Updated packages