← Back

CVE-2024-9399

nvd nist
Published: Oct 1, 2024Modified: Mar 14, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

Affected (4)

Mozilla
2 products
Firefox
Thunderbird
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Mozilla
Firefox
Before 128.3.0
Firefox
From 129.0 to 131.0
Mozilla
Thunderbird
Before 128.3.0
Thunderbird
From 129.0 to 131.0

Related CWEs

CWE-404
Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.

References (5)

Source: security@mozilla.org
Issue TrackingPermissions Required
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory

Timeline

No history available yet.