CVE-2024-10468

Published: Oct 29, 2024Modified: Nov 4, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.

Affected (2)

Products: Mozilla: Firefox, Thunderbird

Mozilla

2 products

Firefox

Thunderbird

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 132.0
Mozilla Thunderbird	Before 132.0

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (3)

https://bugzilla.mozilla.org/show_bug.cgi?id=1914982

Source: security@mozilla.org

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2024-55/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-59/

Source: security@mozilla.org

Vendor Advisory

Timeline

No history available yet.