exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2024-3302

Status Candidate

Overview

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Related Files

Gentoo Linux Security Advisory 202405-32
Posted May 13, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-32 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.10.0 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553, CVE-2024-1936, CVE-2024-2609, CVE-2024-3302, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859
SHA-256 | 3283b7e266237a6df6b8dc58a8f3b51eb90071121c21462cfd91730f52a3efb9
Ubuntu Security Notice USN-6747-2
Posted May 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Nan Wang discovered that Firefox did not properly manage memory during WASM garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-3302, CVE-2024-3853, CVE-2024-3856, CVE-2024-3857, CVE-2024-3858, CVE-2024-3859, CVE-2024-3860, CVE-2024-3861, CVE-2024-3862, CVE-2024-3864
SHA-256 | 7c2c9d128db1252739be1d7a0b93beb403f7c031e510470fefa2f2f7a74db59d
Ubuntu Security Notice USN-6750-1
Posted Apr 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6750-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-2609, CVE-2024-3302, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3864
SHA-256 | 754d51ac65b5ef2eda4da9a5a3c295a24f0e2be8f571d9de933977d88d6415b9
Ubuntu Security Notice USN-6747-1
Posted Apr 24, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6747-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-3302, CVE-2024-3853, CVE-2024-3855, CVE-2024-3856, CVE-2024-3857, CVE-2024-3858, CVE-2024-3859, CVE-2024-3860, CVE-2024-3861, CVE-2024-3862, CVE-2024-3864, CVE-2024-3865
SHA-256 | fe5132fb8a5bc8bcd0558902c71cf2276c28f6168b4d2cd89f4e001ddfd7106d
Red Hat Security Advisory 2024-1982-03
Posted Apr 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1982-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-3302
SHA-256 | 47efddbae486472b1fb1b17cfa143f4c01d71d0a72291d5e291d3acbdad55512
Debian Security Advisory 5670-1
Posted Apr 23, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5670-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3864
SHA-256 | dda1a12438be627d8e083962bff09cf7f33ae4c9b77094116c099bff8d04a008
Red Hat Security Advisory 2024-1941-03
Posted Apr 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1941-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-3302
SHA-256 | 2e47b515ffe1a3b1fc61f19d3c706beed5a65c4f96437239295766cd9edbb287
Red Hat Security Advisory 2024-1940-03
Posted Apr 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1940-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-3302
SHA-256 | d439ba8b23445cc86f9fefaaf53aaed03c4e44e750b569daa6573026f8b5bc1a
Red Hat Security Advisory 2024-1939-03
Posted Apr 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1939-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-3302
SHA-256 | 4e47a06b007ac763feb96ab7cc5dcf37e2f94cf2c39418f1e75b4976ec056954
Red Hat Security Advisory 2024-1938-03
Posted Apr 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1938-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-3302
SHA-256 | 9d416d8fb0cad7a09f51d4b270c77706d419a9bb000d4ab43e5319cb5d94928b
Red Hat Security Advisory 2024-1937-03
Posted Apr 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1937-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-3302
SHA-256 | b82b8bffd15d7e1e0a69750eab8ca4a2592d6717a2ea689fdc5c1bac74bf4c5d
Red Hat Security Advisory 2024-1936-03
Posted Apr 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1936-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-3302
SHA-256 | a8d3056fd4fbb88b699b87d0d7c5af5f6ed42d960ae3de4640bb7e4b880e4592
Red Hat Security Advisory 2024-1935-03
Posted Apr 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1935-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-3302
SHA-256 | aa2fcff29670b8df633e063fd541febc98148374f108ad8e986b52cef3b2c546
Red Hat Security Advisory 2024-1934-03
Posted Apr 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1934-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-3302
SHA-256 | 8bef82df865f00a831e3a1c8e217137bc07d3908d8aee69a7eebc37349cc4066
Debian Security Advisory 5663-1
Posted Apr 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5663-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3864
SHA-256 | 476592212a64df9134adcc4f8af8746abf77e54f195e5a04cb8940b7bfc841d0
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close