Search for vulnerabilities
Vulnerability details: VCID-hkv4-499g-aaaa
Vulnerability ID VCID-hkv4-499g-aaaa
Aliases CVE-2024-0755
Summary Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0755.json
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00084 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00084 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00646 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.00646 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.02282 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
epss 0.05743 https://api.first.org/data/v1/epss?cve=CVE-2024-0755
cvssv3.1 8.8 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701
ssvc Track https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-0755
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-0755
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
cvssv3.1 8.8 https://www.mozilla.org/security/advisories/mfsa2024-01/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-01/
cvssv3.1 8.8 https://www.mozilla.org/security/advisories/mfsa2024-02/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-02/
cvssv3.1 8.8 https://www.mozilla.org/security/advisories/mfsa2024-04/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-04/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0755.json
https://api.first.org/data/v1/epss?cve=CVE-2024-0755
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0755
https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
https://www.mozilla.org/security/advisories/mfsa2024-01/
https://www.mozilla.org/security/advisories/mfsa2024-02/
https://www.mozilla.org/security/advisories/mfsa2024-04/
2259934 https://bugzilla.redhat.com/show_bug.cgi?id=2259934
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2024-0755 https://nvd.nist.gov/vuln/detail/CVE-2024-0755
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
GLSA-202402-26 https://security.gentoo.org/glsa/202402-26
mfsa2024-01 https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
mfsa2024-02 https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
mfsa2024-04 https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
RHSA-2024:0559 https://access.redhat.com/errata/RHSA-2024:0559
RHSA-2024:0565 https://access.redhat.com/errata/RHSA-2024:0565
RHSA-2024:0596 https://access.redhat.com/errata/RHSA-2024:0596
RHSA-2024:0598 https://access.redhat.com/errata/RHSA-2024:0598
RHSA-2024:0600 https://access.redhat.com/errata/RHSA-2024:0600
RHSA-2024:0601 https://access.redhat.com/errata/RHSA-2024:0601
RHSA-2024:0602 https://access.redhat.com/errata/RHSA-2024:0602
RHSA-2024:0603 https://access.redhat.com/errata/RHSA-2024:0603
RHSA-2024:0604 https://access.redhat.com/errata/RHSA-2024:0604
RHSA-2024:0605 https://access.redhat.com/errata/RHSA-2024:0605
RHSA-2024:0608 https://access.redhat.com/errata/RHSA-2024:0608
RHSA-2024:0609 https://access.redhat.com/errata/RHSA-2024:0609
RHSA-2024:0615 https://access.redhat.com/errata/RHSA-2024:0615
RHSA-2024:0616 https://access.redhat.com/errata/RHSA-2024:0616
RHSA-2024:0618 https://access.redhat.com/errata/RHSA-2024:0618
RHSA-2024:0619 https://access.redhat.com/errata/RHSA-2024:0619
RHSA-2024:0622 https://access.redhat.com/errata/RHSA-2024:0622
RHSA-2024:0623 https://access.redhat.com/errata/RHSA-2024:0623
USN-6610-1 https://usn.ubuntu.com/6610-1/
USN-6669-1 https://usn.ubuntu.com/6669-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0755.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0755
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0755
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-01/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-01/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-02/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-02/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-04/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-06T05:00:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-04/
Exploit Prediction Scoring System (EPSS)
Percentile 0.33076
EPSS Score 0.00074
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-23T14:51:13.016635+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-04.yml 34.0.0rc2