CVE-2024-7527
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 6, 2024
Updated: Aug 12, 2024
CWE ID 416
Summary
CVE-2024-7527 is a use-after-free vulnerability affecting multiple versions of Firefox (< 129, ESR < 115.14, ESR < 128.1) and Thunderbird (< 128.1, < 115.14). The flaw arises when marking work is unexpectedly initiated at the start of sweeping, which can lead to memory being accessed after it has been freed. This may result in arbitrary code execution or crashes, posing a significant security risk to users. Update these applications to their latest patched versions to mitigate the vulnerability.
Affected Products
- Mozilla Thunderbird
- Mozilla Firefox
- Mozilla Firefox ESR
Affected Vendors
- Mozilla