A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mozilla
Mozilla firefox Mozilla thunderbird |
|
CPEs | cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Mozilla
Mozilla firefox Mozilla thunderbird |
|
Metrics |
cvssV3_1
|
ssvc
|
Wed, 27 Nov 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | firefox: thunderbird: Potential Double-Free Vulnerability in PKCS#7 Decryption Handling | |
Weaknesses | CWE-415 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Tue, 26 Nov 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2024-11-26T13:33:59.991Z
Updated: 2024-11-27T15:25:11.539Z
Reserved: 2024-11-25T16:29:45.930Z
Link: CVE-2024-11704
Vulnrichment
Updated: 2024-11-27T15:23:55.398Z
NVD
Status : Received
Published: 2024-11-26T14:15:19.910
Modified: 2024-11-27T16:15:13.837
Link: CVE-2024-11704
Redhat