CVE-2024-2612

medium

Published 2024-03-25 · Modified 2024-03-25

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.5

Description

RHSA-2024:1494: thunderbird security update (Moderate)

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description Mozilla: Self referencing object could have potentially led to a use-after-free Red Hat statement Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. CVSS v3: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux…

Description

Mozilla: Self referencing object could have potentially led to a use-after-free

Red Hat statement

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

CVSS v3: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 7	`firefox-0:115.9.1-1.el7_9`	RHSA-2024:1486	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 7	`thunderbird-0:115.9.0-1.el7_9`	RHSA-2024:1498	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8	`firefox-0:115.9.1-1.el8_9`	RHSA-2024:1484	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8	`thunderbird-0:115.9.0-1.el8_9`	RHSA-2024:1494	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support	`firefox-0:115.9.1-1.el8_2`	RHSA-2024:1490	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support	`thunderbird-0:115.9.0-1.el8_2`	RHSA-2024:1500	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	`firefox-0:115.9.1-1.el8_2`	RHSA-2024:1490	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	`thunderbird-0:115.9.0-1.el8_2`	RHSA-2024:1500	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	`firefox-0:115.9.1-1.el8_2`	RHSA-2024:1490	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	`thunderbird-0:115.9.0-1.el8_2`	RHSA-2024:1500	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`firefox-0:115.9.1-1.el8_4`	RHSA-2024:1491	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`thunderbird-0:115.9.0-1.el8_4`	RHSA-2024:1499	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	`firefox-0:115.9.1-1.el8_4`	RHSA-2024:1491	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	`thunderbird-0:115.9.0-1.el8_4`	RHSA-2024:1499	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	`firefox-0:115.9.1-1.el8_4`	RHSA-2024:1491	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	`thunderbird-0:115.9.0-1.el8_4`	RHSA-2024:1499	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support	`firefox-0:115.9.1-1.el8_6`	RHSA-2024:1489	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support	`thunderbird-0:115.9.0-1.el8_6`	RHSA-2024:1497	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support	`firefox-0:115.9.1-1.el8_8`	RHSA-2024:1488	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support	`thunderbird-0:115.9.0-1.el8_8`	RHSA-2024:1496	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 9	`firefox-0:115.9.1-1.el9_3`	RHSA-2024:1485	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 9	`thunderbird-0:115.9.0-1.el9_3`	RHSA-2024:1493	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support	`firefox-0:115.9.1-1.el9_0`	RHSA-2024:1487	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support	`thunderbird-0:115.9.0-1.el9_0`	RHSA-2024:1495	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`firefox-0:115.9.1-1.el9_2`	RHSA-2024:1483	2024-03-25T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`thunderbird-0:115.9.0-1.el9_2`	RHSA-2024:1492	2024-03-25T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`firefox`	Out of support scope
Red Hat Enterprise Linux 6	`thunderbird`	Out of support scope

Apply commands

bash fix

Apply RHSA-2024:1486 for Red Hat Enterprise Linux 7

yum update -y firefox
# or:
dnf upgrade -y firefox

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
rocky	8	fixed
debian	sid	fixed	`124.0-1`
debian	bookworm	fixed	`115.9.0esr-1~deb12u1`
debian	bullseye	fixed	`115.9.0esr-1~deb11u1`
debian	forky	fixed	`115.9.0esr-1`
debian	trixie	fixed	`115.9.0esr-1`
sles		affected
almalinux	8	fixed	`firefox-115.9.1-1.el8_9.alma.1.aarch64.rpm`
almalinux	9	fixed	`firefox-x11-115.9.1-1.el9_3.alma.1.ppc64le.rpm`
rhel	8	fixed

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.