{ "threat_severity" : "Moderate", "public_date" : "2024-07-09T00:00:00Z", "bugzilla" : { "description" : "Mozilla: Memory corruption in thread creation", "id" : "2296638", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2296638" }, "cvss3" : { "cvss3_base_score" : "6.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-119", "details" : [ "In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.", "The Mozilla Foundation Security Advisory describes this flaw as:\nIn an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption." ], "statement" : "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "acknowledgement" : "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2024-07-11T00:00:00Z", "advisory" : "RHSA-2024:4508", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "firefox-0:115.13.0-3.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-07-11T00:00:00Z", "advisory" : "RHSA-2024:4517", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "firefox-0:115.13.0-3.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-07-18T00:00:00Z", "advisory" : "RHSA-2024:4635", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "thunderbird-0:115.13.0-3.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2024-07-17T00:00:00Z", "advisory" : "RHSA-2024:4586", "cpe" : "cpe:/a:redhat:rhel_aus:8.2", "package" : "firefox-0:115.13.0-3.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2024-07-23T00:00:00Z", "advisory" : "RHSA-2024:4717", "cpe" : "cpe:/a:redhat:rhel_aus:8.2", "package" : "thunderbird-0:115.13.0-3.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2024-07-18T00:00:00Z", "advisory" : "RHSA-2024:4610", "cpe" : "cpe:/a:redhat:rhel_aus:8.4", "package" : "firefox-0:115.13.0-3.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2024-07-22T00:00:00Z", "advisory" : "RHSA-2024:4671", "cpe" : "cpe:/a:redhat:rhel_aus:8.4", "package" : "thunderbird-0:115.13.0-3.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2024-07-18T00:00:00Z", "advisory" : "RHSA-2024:4610", "cpe" : "cpe:/a:redhat:rhel_tus:8.4", "package" : "firefox-0:115.13.0-3.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2024-07-22T00:00:00Z", "advisory" : "RHSA-2024:4671", "cpe" : "cpe:/a:redhat:rhel_tus:8.4", "package" : "thunderbird-0:115.13.0-3.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date" : "2024-07-18T00:00:00Z", "advisory" : "RHSA-2024:4610", "cpe" : "cpe:/a:redhat:rhel_e4s:8.4", "package" : "firefox-0:115.13.0-3.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date" : "2024-07-22T00:00:00Z", "advisory" : "RHSA-2024:4671", "cpe" : "cpe:/a:redhat:rhel_e4s:8.4", "package" : "thunderbird-0:115.13.0-3.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2024-07-18T00:00:00Z", "advisory" : "RHSA-2024:4634", "cpe" : "cpe:/a:redhat:rhel_aus:8.6", "package" : "firefox-0:115.13.0-3.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2024-07-29T00:00:00Z", "advisory" : "RHSA-2024:4894", "cpe" : "cpe:/a:redhat:rhel_aus:8.6", "package" : "thunderbird-0:115.13.0-3.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2024-07-18T00:00:00Z", "advisory" : "RHSA-2024:4634", "cpe" : "cpe:/a:redhat:rhel_tus:8.6", "package" : "firefox-0:115.13.0-3.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2024-07-29T00:00:00Z", "advisory" : "RHSA-2024:4894", "cpe" : "cpe:/a:redhat:rhel_tus:8.6", "package" : "thunderbird-0:115.13.0-3.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2024-07-18T00:00:00Z", "advisory" : "RHSA-2024:4634", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6", "package" : "firefox-0:115.13.0-3.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2024-07-29T00:00:00Z", "advisory" : "RHSA-2024:4894", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6", "package" : "thunderbird-0:115.13.0-3.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2024-07-17T00:00:00Z", "advisory" : "RHSA-2024:4590", "cpe" : "cpe:/a:redhat:rhel_eus:8.8", "package" : "firefox-0:115.13.0-3.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2024-07-23T00:00:00Z", "advisory" : "RHSA-2024:4718", "cpe" : "cpe:/a:redhat:rhel_eus:8.8", "package" : "thunderbird-0:115.13.0-3.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-11T00:00:00Z", "advisory" : "RHSA-2024:4500", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "firefox-0:115.13.0-3.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-18T00:00:00Z", "advisory" : "RHSA-2024:4624", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "thunderbird-0:115.13.0-3.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2024-07-11T00:00:00Z", "advisory" : "RHSA-2024:4501", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "firefox-0:115.13.0-3.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2024-07-18T00:00:00Z", "advisory" : "RHSA-2024:4625", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "thunderbird-0:115.13.0-3.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-07-22T00:00:00Z", "advisory" : "RHSA-2024:4670", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "thunderbird-0:115.13.0-3.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-07-22T00:00:00Z", "advisory" : "RHSA-2024:4673", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "firefox-0:115.13.0-3.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-6603\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6603\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6603\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-31/#CVE-2024-6603" ], "name" : "CVE-2024-6603", "csaw" : false }