9.8

CVE-2024-11704

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEditionesr Version < 128.7.0
MozillaFirefox Version < 133.0
MozillaThunderbird Version < 128.7.0
MozillaThunderbird Version >= 129.0 < 133.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.92% 0.555
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://www.mozilla.org/security/advisories/mfsa2024-63/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1899402
Issue Tracking
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-09/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-10/
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html
https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html