

Severity
High
Analysis Summary
CVE-2024-2616 CVSS:6.5
Mozilla Firefox ESR and Thunderbird are vulnerable to a denial of service, caused by an error related to out-of-memory conditions in ICU. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2024-2615 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-2613 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by the improper handling of QUIC ACK frame data. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to consume restricted memory and cause the browser to crash.
CVE-2024-2612 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free triggered by a particular code path in SafeRefPtr. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-2611 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct a clickjacking attack, caused by a missing delay when pointer lock was used. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to hijack the clicking actions of another user.
CVE-2024-2610 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by improper handling of html and body tags that enabled CSP nonce leakage. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass strict content security policies.
CVE-2024-2609 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct a clickjacking attack, caused by an error in which the permission prompt input delay could expire while the window is not in focus. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to hijack the clicking actions of another user.
CVE-2024-2608 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by integer overflows in AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters(). By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-2607 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by the failure of JIT code to return registers on Armv7-A systems. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-2606 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the mishandling of WASM register values. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to create invalid wasm values.
CVE-2024-2605 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by the use of the Windows Error Reporter as a Sandbox escape vector. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-2614 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Denial of Service
- Gain Access
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2024-2616
- CVE-2024-2615
- CVE-2024-2613
- CVE-2024-2612
- CVE-2024-2611
- CVE-2024-2610
- CVE-2024-2609
- CVE-2024-2608
- CVE-2024-2607
- CVE-2024-2606
- CVE-2024-2605
- CVE-2024-2614
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox ESR 115.8
- Mozilla Thunderbird 115.8
- Mozilla Firefox 123
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.
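To find hosts that still need the update, the sketch below checks collected version strings against the Affected Products list above. It is an added example, not part of the original advisory. It assumes the strings look like the output of `firefox --version` or `thunderbird --version`, and that builds at or below a listed version in the same product line are affected. The host names and inventory lines are constructed. The page does not state fixed versions, so confirm "newer than listed" results against the Mozilla advisory.

```python
import re

# Affected versions exactly as listed under "Affected Products" in this advisory.
AFFECTED = {
    "firefox-esr": (115, 8),
    "thunderbird": (115, 8),
    "firefox": (123,),
}

# Assumed format: "Mozilla Firefox 123.0.1", "Mozilla Firefox 115.8.0esr",
# "Mozilla Thunderbird 115.8.0" (the "Mozilla" prefix is treated as optional).
_VERSION_RE = re.compile(
    r"(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE
)

def parse_version_line(line):
    """Return (product, version_tuple), or None if the line is not recognised."""
    m = _VERSION_RE.search(line)
    if not m:
        return None
    product = m.group(1).lower()
    if product == "firefox" and m.group(3):
        product = "firefox-esr"
    return product, tuple(int(p) for p in m.group(2).split("."))

def is_affected(product, version):
    """Assumption: compare at the precision the advisory lists (123.0.1 counts as 123)."""
    listed = AFFECTED[product]
    return version[:len(listed)] <= listed

def audit(inventory):
    """Return (host, product, status) for each (host, version line) pair."""
    report = []
    for host, line in inventory:
        parsed = parse_version_line(line)
        if parsed is None:
            report.append((host, None, "unparsed"))
            continue
        product, version = parsed
        status = "affected" if is_affected(product, version) else "newer than listed"
        report.append((host, product, status))
    return report

# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 123.0.1"),
    ("ws-02", "Mozilla Firefox 124.0"),
    ("ws-03", "Mozilla Firefox 115.8.0esr"),
    ("ws-04", "Mozilla Thunderbird 115.9.0"),
    ("ws-05", "chromium 122.0"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```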