Request a Demo
Rewterz
Multiple Microsoft Products Vulnerabilities
January 17, 2025
Rewterz
Researchers Discover NTLMv1 Exploit Bypassing Active Directory Restrictions
January 17, 2025

Multiple Mozilla Firefox Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-10467 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-9403 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-9402 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-9401 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-9396 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-10467

  • CVE-2024-9403

  • CVE-2024-9402

  • CVE-2024-9401

  • CVE-2024-9396

Affected Vendors

Mozilla

Affected Products

  • Mozilla Firefox 131
  • Mozilla Firefox ESR 128.3
  • Mozilla Thunderbird 128.3
  • Mozilla Firefox - 130.0
  • Mozilla Thunderbird - 130.0
  • Mozilla Firefox ESR - 128.2
  • Mozilla Thunderbird - 128.2

Remediation

Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-10467

CVE-2024-9403

CVE-2024-9402

CVE-2024-9401

CVE-2024-9396