CVE-2024-7526

CVE Database · CVE-2024-7526

CVE-2024-7526

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.55%

Published

Aug 6, 2024

Modified

Sep 17, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-908CWE-908

Affected Products (5)

mozilla · firefox (up to 129.0)vulnerable

mozilla · firefox_esr (up to 115.14.0)vulnerable

mozilla · firefox_esrvulnerable

mozilla · thunderbird (up to 115.14.0)vulnerable

mozilla · thunderbirdvulnerable

References (6)

https://bugzilla.mozilla.org/show_bug.cgi?id=1910306