CVE-2024-4777
- EPSS 0.54%
- Veröffentlicht 14.05.2024 18:15:16
- Zuletzt bearbeitet 13.03.2025 17:15:33
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This ...
CVE-2024-4768
- EPSS 0.53%
- Veröffentlicht 14.05.2024 18:15:14
- Zuletzt bearbeitet 01.04.2025 18:00:09
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-4769
- EPSS 0.37%
- Veröffentlicht 14.05.2024 18:15:14
- Zuletzt bearbeitet 01.04.2025 17:46:33
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affect...
CVE-2024-4767
- EPSS 0.49%
- Veröffentlicht 14.05.2024 18:15:13
- Zuletzt bearbeitet 01.04.2025 17:47:50
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11,...
CVE-2024-4367
- EPSS 72.65%
- Veröffentlicht 14.05.2024 18:15:12
- Zuletzt bearbeitet 12.05.2026 12:17:19
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-27401
- EPSS 0.3%
- Veröffentlicht 14.05.2024 15:12:29
- Zuletzt bearbeitet 22.01.2026 20:39:28
In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. If the length of the head pa...
CVE-2024-27398
- EPSS 0.76%
- Veröffentlicht 14.05.2024 15:12:28
- Zuletzt bearbeitet 22.01.2026 20:37:07
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge ...
CVE-2024-27399
- EPSS 0.3%
- Veröffentlicht 14.05.2024 15:12:28
- Zuletzt bearbeitet 22.01.2026 20:37:12
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the c...
CVE-2024-27395
- EPSS 0.24%
- Veröffentlicht 14.05.2024 15:12:27
- Zuletzt bearbeitet 12.05.2026 12:16:32
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read cri...
CVE-2024-27396
- EPSS 0.24%
- Veröffentlicht 14.05.2024 15:12:27
- Zuletzt bearbeitet 12.05.2026 12:16:32
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, ...