`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
History
Wed, 27 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Mozilla, Mozilla firefox, Mozilla thunderbird | |
Weaknesses | CWE-476 | |
CPEs | cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:* | |
Vendors & Products | Mozilla, Mozilla firefox, Mozilla thunderbird | |
Metrics | cvssV3_1 | ssvc |
Wed, 27 Nov 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | firefox: thunderbird: Null Pointer Dereference in NSC_DeriveKey | |
Weaknesses | CWE-125 | |
References | | |
Metrics | threat_severity | cvssV3_1 |
Tue, 26 Nov 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |
References | | |
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2024-11-26T13:34:01.020Z
Updated: 2024-11-27T15:14:36.319Z
Reserved: 2024-11-25T16:29:46.972Z
Link: CVE-2024-11705
Vulnrichment
Updated: 2024-11-27T15:14:25.829Z
NVD
Status: Received
Published: 2024-11-26T14:15:19.997
Modified: 2024-11-27T16:15:14.000
Link: CVE-2024-11705