Search for vulnerabilities
Vulnerability details: VCID-uymu-4exb-aaap
Vulnerability ID VCID-uymu-4exb-aaap
Aliases CVE-2024-3859
Summary On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-190 Integer Overflow or Wraparound
CWE-125 Out-of-bounds Read
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3859.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00449 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00449 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01154 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01197 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
epss 0.01197 https://api.first.org/data/v1/epss?cve=CVE-2024-3859
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-18
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-19
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-20
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3859.json
https://api.first.org/data/v1/epss?cve=CVE-2024-3859
https://bugzilla.mozilla.org/show_bug.cgi?id=1874489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3864
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
https://www.mozilla.org/security/advisories/mfsa2024-18/
https://www.mozilla.org/security/advisories/mfsa2024-19/
https://www.mozilla.org/security/advisories/mfsa2024-20/
2275552 https://bugzilla.redhat.com/show_bug.cgi?id=2275552
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2024-3859 https://nvd.nist.gov/vuln/detail/CVE-2024-3859
GLSA-202405-32 https://security.gentoo.org/glsa/202405-32
GLSA-202407-19 https://security.gentoo.org/glsa/202407-19
GLSA-202408-02 https://security.gentoo.org/glsa/202408-02
mfsa2024-18 https://www.mozilla.org/en-US/security/advisories/mfsa2024-18
mfsa2024-19 https://www.mozilla.org/en-US/security/advisories/mfsa2024-19
mfsa2024-20 https://www.mozilla.org/en-US/security/advisories/mfsa2024-20
RHSA-2024:1904 https://access.redhat.com/errata/RHSA-2024:1904
RHSA-2024:1905 https://access.redhat.com/errata/RHSA-2024:1905
RHSA-2024:1906 https://access.redhat.com/errata/RHSA-2024:1906
RHSA-2024:1907 https://access.redhat.com/errata/RHSA-2024:1907
RHSA-2024:1908 https://access.redhat.com/errata/RHSA-2024:1908
RHSA-2024:1909 https://access.redhat.com/errata/RHSA-2024:1909
RHSA-2024:1910 https://access.redhat.com/errata/RHSA-2024:1910
RHSA-2024:1911 https://access.redhat.com/errata/RHSA-2024:1911
RHSA-2024:1912 https://access.redhat.com/errata/RHSA-2024:1912
RHSA-2024:1934 https://access.redhat.com/errata/RHSA-2024:1934
RHSA-2024:1935 https://access.redhat.com/errata/RHSA-2024:1935
RHSA-2024:1936 https://access.redhat.com/errata/RHSA-2024:1936
RHSA-2024:1937 https://access.redhat.com/errata/RHSA-2024:1937
RHSA-2024:1938 https://access.redhat.com/errata/RHSA-2024:1938
RHSA-2024:1939 https://access.redhat.com/errata/RHSA-2024:1939
RHSA-2024:1940 https://access.redhat.com/errata/RHSA-2024:1940
RHSA-2024:1941 https://access.redhat.com/errata/RHSA-2024:1941
RHSA-2024:1982 https://access.redhat.com/errata/RHSA-2024:1982
USN-6747-1 https://usn.ubuntu.com/6747-1/
USN-6750-1 https://usn.ubuntu.com/6750-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3859.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11214
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:19:58.111826+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-3859 34.0.0rc4