{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1546", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2024-02-15T18:01:41.391Z", "datePublished": "2024-02-20T13:21:34.136Z", "dateUpdated": "2025-02-13T17:27:37.804Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "123", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."}]}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds memory read in networking channels", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html"}], "credits": [{"lang": "en", "value": "Alfred Peters"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-03-04T09:05:50.960Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "affected": [{"vendor": "mozilla", "product": "firefox", "cpes": ["cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "123", "versionType": "custom"}]}, {"vendor": "mozilla", "product": "firefox_esr", "cpes": ["cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "115.8", "versionType": "custom"}]}, {"vendor": "mozilla", "product": "thunderbird", "cpes": ["cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "115.8", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-05T15:13:55.974449Z", "id": "CVE-2024-1546", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-05T15:18:03.623Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.460Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.460Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-1546", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-05T15:13:55.974449Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"], "vendor": "mozilla", "product": "firefox", "versions": [{"status": "affected", "version": "0", "lessThan": "123", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*"], "vendor": "mozilla", "product": "firefox_esr", "versions": [{"status": "affected", "version": "0", "lessThan": "115.8", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"], "vendor": "mozilla", "product": "thunderbird", "versions": [{"status": "affected", "version": "0", "lessThan": "115.8", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:39.836Z"}}], "cna": {"credits": [{"lang": "en", "value": "Alfred Peters"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "123", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "115.8", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "115.8", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html"}], "descriptions": [{"lang": "en", "value": "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "supportingMedia": [{"type": "text/html", "value": "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Out-of-bounds memory read in networking channels"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-02-20T19:23:30.714Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1546", "state": "PUBLISHED", "dateUpdated": "2024-11-05T15:18:03.623Z", "dateReserved": "2024-02-15T18:01:41.391Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2024-02-20T13:21:34.136Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."}, {"lang": "es", "value": "Al almacenar y volver a acceder a datos en un canal de red, es posible que se haya confundido la longitud de los bufferse, lo que resulta en una lectura de memoria fuera de los l\u00edmites. Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."}], "id": "CVE-2024-1546", "lastModified": "2024-11-21T08:50:47.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-20T14:15:08.477", "references": [{"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752"}, {"source": "security@mozilla.org", "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html"}, {"source": "security@mozilla.org", "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alfred Peters as the original reporter.", "affected_release": [{"advisory": "RHSA-2024:0957", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:115.8.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0976", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:115.8.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0955", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:115.8.0-1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0964", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:115.8.0-1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0958", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:115.8.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0972", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:115.8.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0958", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "thunderbird-0:115.8.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0972", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "firefox-0:115.8.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0958", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "thunderbird-0:115.8.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0972", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "firefox-0:115.8.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0959", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:115.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0971", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:115.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0959", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:115.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0971", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:115.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0959", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:115.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0971", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:115.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0960", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "thunderbird-0:115.8.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0970", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "firefox-0:115.8.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0961", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:115.8.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0969", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:115.8.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0952", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:115.8.0-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-02-22T00:00:00Z"}, {"advisory": "RHSA-2024:0963", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:115.8.0-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0962", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "thunderbird-0:115.8.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0968", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "firefox-0:115.8.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0983", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:115.8.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0984", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:115.8.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-02-26T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Out-of-bounds memory read in networking channels", "id": "2265349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265349"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read."], "name": "CVE-2024-1546", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2024-02-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-1546\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1546\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1546\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1546"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important", "upstream_fix": "firefox 115.8, thunderbird 115.8"}