Search for vulnerabilities
Vulnerability details: VCID-qebz-sz1v-h7h9
Vulnerability ID VCID-qebz-sz1v-h7h9
Aliases CVE-2024-5700
Summary Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5700.json
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-5700
cvssv3.1 7 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123
ssvc Track https://bugzilla.mozilla.org/buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123
cvssv3.1 7 https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html
cvssv3.1 7 https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-25
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-26
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-28
cvssv3.1 7 https://www.mozilla.org/security/advisories/mfsa2024-25/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-25/
cvssv3.1 7 https://www.mozilla.org/security/advisories/mfsa2024-26/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-26/
cvssv3.1 7 https://www.mozilla.org/security/advisories/mfsa2024-28/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-28/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5700.json
https://api.first.org/data/v1/epss?cve=CVE-2024-5700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5702
2291401 https://bugzilla.redhat.com/show_bug.cgi?id=2291401
buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2024-5700 https://nvd.nist.gov/vuln/detail/CVE-2024-5700
mfsa2024-25 https://www.mozilla.org/en-US/security/advisories/mfsa2024-25
mfsa2024-25 https://www.mozilla.org/security/advisories/mfsa2024-25/
mfsa2024-26 https://www.mozilla.org/en-US/security/advisories/mfsa2024-26
mfsa2024-26 https://www.mozilla.org/security/advisories/mfsa2024-26/
mfsa2024-28 https://www.mozilla.org/en-US/security/advisories/mfsa2024-28
mfsa2024-28 https://www.mozilla.org/security/advisories/mfsa2024-28/
msg00000.html https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html
msg00010.html https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html
RHSA-2024:3949 https://access.redhat.com/errata/RHSA-2024:3949
RHSA-2024:3950 https://access.redhat.com/errata/RHSA-2024:3950
RHSA-2024:3951 https://access.redhat.com/errata/RHSA-2024:3951
RHSA-2024:3952 https://access.redhat.com/errata/RHSA-2024:3952
RHSA-2024:3953 https://access.redhat.com/errata/RHSA-2024:3953
RHSA-2024:3954 https://access.redhat.com/errata/RHSA-2024:3954
RHSA-2024:3955 https://access.redhat.com/errata/RHSA-2024:3955
RHSA-2024:3958 https://access.redhat.com/errata/RHSA-2024:3958
RHSA-2024:3972 https://access.redhat.com/errata/RHSA-2024:3972
RHSA-2024:4001 https://access.redhat.com/errata/RHSA-2024:4001
RHSA-2024:4002 https://access.redhat.com/errata/RHSA-2024:4002
RHSA-2024:4003 https://access.redhat.com/errata/RHSA-2024:4003
RHSA-2024:4004 https://access.redhat.com/errata/RHSA-2024:4004
RHSA-2024:4015 https://access.redhat.com/errata/RHSA-2024:4015
RHSA-2024:4016 https://access.redhat.com/errata/RHSA-2024:4016
RHSA-2024:4018 https://access.redhat.com/errata/RHSA-2024:4018
RHSA-2024:4036 https://access.redhat.com/errata/RHSA-2024:4036
RHSA-2024:4063 https://access.redhat.com/errata/RHSA-2024:4063
USN-6840-1 https://usn.ubuntu.com/6840-1/
USN-6862-1 https://usn.ubuntu.com/6862-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5700.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-11T16:16:36Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-11T16:16:36Z/ Found at https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-11T16:16:36Z/ Found at https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-25/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-11T16:16:36Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-25/
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-26/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-11T16:16:36Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-26/
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-28/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-11T16:16:36Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-28/
Exploit Prediction Scoring System (EPSS)
Percentile 0.35783
EPSS Score 0.00146
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:04.746672+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-28.yml 37.0.0