VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-2r2w-tzaa-u7bf

Essentials
Severities (34)
References (46)
Severity details (17)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2r2w-tzaa-u7bf
Aliases	CVE-2024-0755
Summary	Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0755.json
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00646	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss	0.00664	https://api.first.org/data/v1/epss?cve=CVE-2024-0755
cvssv3.1	8.8	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701
ssvc	Track	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701
cvssv3.1	8.8	https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
cvssv3.1	8.8	https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2024-0755
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-01/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-01/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-02/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-02/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-04/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-04/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0755.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-0755
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0741
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0747
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0749
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0750
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0751
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0755
2259934		https://bugzilla.redhat.com/show_bug.cgi?id=2259934
buglist.cgi?bug_id=1868456%2C1871445%2C1873701		https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2024-0755		https://nvd.nist.gov/vuln/detail/CVE-2024-0755
mfsa2024-01		https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
mfsa2024-01		https://www.mozilla.org/security/advisories/mfsa2024-01/
mfsa2024-02		https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
mfsa2024-02		https://www.mozilla.org/security/advisories/mfsa2024-02/
mfsa2024-04		https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
mfsa2024-04		https://www.mozilla.org/security/advisories/mfsa2024-04/
msg00015.html		https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
msg00022.html		https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
RHSA-2024:0559		https://access.redhat.com/errata/RHSA-2024:0559
RHSA-2024:0565		https://access.redhat.com/errata/RHSA-2024:0565
RHSA-2024:0596		https://access.redhat.com/errata/RHSA-2024:0596
RHSA-2024:0598		https://access.redhat.com/errata/RHSA-2024:0598
RHSA-2024:0600		https://access.redhat.com/errata/RHSA-2024:0600
RHSA-2024:0601		https://access.redhat.com/errata/RHSA-2024:0601
RHSA-2024:0602		https://access.redhat.com/errata/RHSA-2024:0602
RHSA-2024:0603		https://access.redhat.com/errata/RHSA-2024:0603
RHSA-2024:0604		https://access.redhat.com/errata/RHSA-2024:0604
RHSA-2024:0605		https://access.redhat.com/errata/RHSA-2024:0605
RHSA-2024:0608		https://access.redhat.com/errata/RHSA-2024:0608
RHSA-2024:0609		https://access.redhat.com/errata/RHSA-2024:0609
RHSA-2024:0615		https://access.redhat.com/errata/RHSA-2024:0615
RHSA-2024:0616		https://access.redhat.com/errata/RHSA-2024:0616
RHSA-2024:0618		https://access.redhat.com/errata/RHSA-2024:0618
RHSA-2024:0619		https://access.redhat.com/errata/RHSA-2024:0619
RHSA-2024:0622		https://access.redhat.com/errata/RHSA-2024:0622
RHSA-2024:0623		https://access.redhat.com/errata/RHSA-2024:0623
USN-6610-1		https://usn.ubuntu.com/6610-1/
USN-6669-1		https://usn.ubuntu.com/6669-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0755.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0755

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-01/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-01/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-02/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-02/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-04/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-04/

Exploit Prediction Scoring System (EPSS)

Percentile	0.69766
EPSS Score	0.00646
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:08.731241+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-02.yml	37.0.0