VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kka4-ezbp-skf2

Essentials
Severities (91)
References (39)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kka4-ezbp-skf2
Aliases	CVE-2024-11699
Summary	Memory safety bugs present in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11699.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
epss	0.00423	https://api.first.org/data/v1/epss?cve=CVE-2024-11699
cvssv3.1	8.8	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911
ssvc	Track	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-63/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-63/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-64/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-64/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-67/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-67/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-68/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-68/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11699.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-11699
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11699
2328947		https://bugzilla.redhat.com/show_bug.cgi?id=2328947
buglist.cgi?bug_id=1880582%2C1929911		https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2024-11699		https://nvd.nist.gov/vuln/detail/CVE-2024-11699
GLSA-202501-10		https://security.gentoo.org/glsa/202501-10
GLSA-202505-03		https://security.gentoo.org/glsa/202505-03
mfsa2024-63		https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
mfsa2024-63		https://www.mozilla.org/security/advisories/mfsa2024-63/
mfsa2024-64		https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
mfsa2024-64		https://www.mozilla.org/security/advisories/mfsa2024-64/
mfsa2024-67		https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
mfsa2024-67		https://www.mozilla.org/security/advisories/mfsa2024-67/
mfsa2024-68		https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
mfsa2024-68		https://www.mozilla.org/security/advisories/mfsa2024-68/
RHSA-2024:10591		https://access.redhat.com/errata/RHSA-2024:10591
RHSA-2024:10592		https://access.redhat.com/errata/RHSA-2024:10592
RHSA-2024:10667		https://access.redhat.com/errata/RHSA-2024:10667
RHSA-2024:10702		https://access.redhat.com/errata/RHSA-2024:10702
RHSA-2024:10703		https://access.redhat.com/errata/RHSA-2024:10703
RHSA-2024:10704		https://access.redhat.com/errata/RHSA-2024:10704
RHSA-2024:10710		https://access.redhat.com/errata/RHSA-2024:10710
RHSA-2024:10733		https://access.redhat.com/errata/RHSA-2024:10733
RHSA-2024:10734		https://access.redhat.com/errata/RHSA-2024:10734
RHSA-2024:10742		https://access.redhat.com/errata/RHSA-2024:10742
RHSA-2024:10743		https://access.redhat.com/errata/RHSA-2024:10743
RHSA-2024:10745		https://access.redhat.com/errata/RHSA-2024:10745
RHSA-2024:10748		https://access.redhat.com/errata/RHSA-2024:10748
RHSA-2024:10752		https://access.redhat.com/errata/RHSA-2024:10752
RHSA-2024:10844		https://access.redhat.com/errata/RHSA-2024:10844
RHSA-2024:10848		https://access.redhat.com/errata/RHSA-2024:10848
RHSA-2024:10849		https://access.redhat.com/errata/RHSA-2024:10849
RHSA-2024:10880		https://access.redhat.com/errata/RHSA-2024:10880
RHSA-2024:10881		https://access.redhat.com/errata/RHSA-2024:10881
USN-7134-1		https://usn.ubuntu.com/7134-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11699.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-63/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-63/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-64/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-64/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-67/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-67/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-68/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:00:52Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-68/

Exploit Prediction Scoring System (EPSS)

Percentile	0.17226
EPSS Score	0.00045
Published At	Nov. 28, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-11-26T20:11:45.134178+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-67.yml	35.0.0