VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-peup-duvb-eqhx

Essentials
Severities (105)
References (41)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-peup-duvb-eqhx
Aliases	CVE-2024-10467
Summary	Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-787	Out-of-bounds Write

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10467.json
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10467.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00151	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00151	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
epss	0.00598	https://api.first.org/data/v1/epss?cve=CVE-2024-10467
cvssv3.1	9.8	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706
ssvc	Track	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706
cvssv3.1	9.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2024-10467
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2024-10467
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-55
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-56
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-58
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-59
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2024-55/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-55/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2024-56/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-56/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2024-58/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-58/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2024-59/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-59/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10467.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-10467
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10467
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2322433		https://bugzilla.redhat.com/show_bug.cgi?id=2322433
buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706		https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706
cpe:2.3:a:mozilla:firefox:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::-:::*
cpe:2.3:a:mozilla:firefox:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2024-10467		https://nvd.nist.gov/vuln/detail/CVE-2024-10467
GLSA-202412-06		https://security.gentoo.org/glsa/202412-06
GLSA-202501-10		https://security.gentoo.org/glsa/202501-10
GLSA-202505-08		https://security.gentoo.org/glsa/202505-08
mfsa2024-55		https://www.mozilla.org/en-US/security/advisories/mfsa2024-55
mfsa2024-55		https://www.mozilla.org/security/advisories/mfsa2024-55/
mfsa2024-56		https://www.mozilla.org/en-US/security/advisories/mfsa2024-56
mfsa2024-56		https://www.mozilla.org/security/advisories/mfsa2024-56/
mfsa2024-58		https://www.mozilla.org/en-US/security/advisories/mfsa2024-58
mfsa2024-58		https://www.mozilla.org/security/advisories/mfsa2024-58/
mfsa2024-59		https://www.mozilla.org/en-US/security/advisories/mfsa2024-59
mfsa2024-59		https://www.mozilla.org/security/advisories/mfsa2024-59/
RHSA-2024:8720		https://access.redhat.com/errata/RHSA-2024:8720
RHSA-2024:8721		https://access.redhat.com/errata/RHSA-2024:8721
RHSA-2024:8722		https://access.redhat.com/errata/RHSA-2024:8722
RHSA-2024:8723		https://access.redhat.com/errata/RHSA-2024:8723
RHSA-2024:8724		https://access.redhat.com/errata/RHSA-2024:8724
RHSA-2024:8725		https://access.redhat.com/errata/RHSA-2024:8725
RHSA-2024:8726		https://access.redhat.com/errata/RHSA-2024:8726
RHSA-2024:8727		https://access.redhat.com/errata/RHSA-2024:8727
RHSA-2024:8728		https://access.redhat.com/errata/RHSA-2024:8728
RHSA-2024:8729		https://access.redhat.com/errata/RHSA-2024:8729
RHSA-2024:8790		https://access.redhat.com/errata/RHSA-2024:8790
RHSA-2024:8793		https://access.redhat.com/errata/RHSA-2024:8793
RHSA-2024:9015		https://access.redhat.com/errata/RHSA-2024:9015
RHSA-2024:9016		https://access.redhat.com/errata/RHSA-2024:9016
RHSA-2024:9017		https://access.redhat.com/errata/RHSA-2024:9017
RHSA-2024:9018		https://access.redhat.com/errata/RHSA-2024:9018
RHSA-2024:9019		https://access.redhat.com/errata/RHSA-2024:9019
RHSA-2024:9552		https://access.redhat.com/errata/RHSA-2024:9552
RHSA-2024:9554		https://access.redhat.com/errata/RHSA-2024:9554
USN-7086-1		https://usn.ubuntu.com/7086-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10467.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10467.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T14:23:47Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-10467

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-10467

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-55/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-55/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-56/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-56/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-58/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-58/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-59/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-31T17:42:29Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-59/

Exploit Prediction Scoring System (EPSS)

Percentile	0.16666
EPSS Score	0.00045
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-10-29T17:16:17.926671+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-56.yml	34.0.2