Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4500 advisory.

    * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13     (CVE-2024-6604)

    * Mozilla: Race condition in permission assignment (CVE-2024-6601)

    * Mozilla: Memory corruption in thread creation (CVE-2024-6603)

Tenable has extracted the preceding description block directly from the Rocky Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4500 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13     (CVE-2024-6604)

    * Mozilla: Race condition in permission assignment (CVE-2024-6601)

    * Mozilla: Memory corruption in thread creation (CVE-2024-6603)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4517 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13     (CVE-2024-6604)

    * Mozilla: Race condition in permission assignment (CVE-2024-6601)

    * Mozilla: Memory corruption in thread creation (CVE-2024-6603)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4508 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13     (CVE-2024-6604)

    * Mozilla: Race condition in permission assignment (CVE-2024-6601)

    * Mozilla: Memory corruption in thread creation (CVE-2024-6603)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4501 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13     (CVE-2024-6604)

    * Mozilla: Race condition in permission assignment (CVE-2024-6601)

    * Mozilla: Memory corruption in thread creation (CVE-2024-6603)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-4517 advisory.

    [115.13.0-3.0.1]
    - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file

    [115.13.0]
    - Add debranding patches (Mustafa Gezen)
    - Add OpenELA default preferences (Louis Abel)

    [115.13.0-3]
    - Update to 115.13.0 build3

    [115.13.0-2]
    - Update to 115.13.0 build2

    [115.13.0-1]
    - Update to 115.13.0 build1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2399-1 advisory.

    Update to Firefox Extended Support Release 115.13.0 ESR (MFSA 2024-30, bsc#1226316):

    - CVE-2024-6600: Memory corruption in WebGL API
    - CVE-2024-6601: Race condition in permission assignment
    - CVE-2024-6602: Memory corruption in NSS
    - CVE-2024-6603: Memory corruption in thread creation
    - CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13

    Other fixes:

    - Fix GNOME search provider (bsc#1225278)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4500 advisory.

    [115.13.0-3.0.1]
    - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

    [115.13.0]
    - Add debranding patches (Mustafa Gezen)
    - Add OpenELA default preferences (Louis Abel)

    [115.13.0-3]
    - Update to 115.13.0 build3

    [115.13.0-2]
    - Update to 115.13.0 build2

    [115.13.0-1]
    - Update to 115.13.0 build1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5727 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5727-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     July 10, 2024                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : firefox-esr     CVE ID         : CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6604

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in the execution of arbitrary     code or privilege escalation.

    For the oldstable distribution (bullseye), these problems have been fixed     in version 115.13.0esr-1~deb11u1.

    For the stable distribution (bookworm), these problems have been fixed in     version 115.13.0esr-1~deb12u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fc815ee65f advisory.

    - Updated to latest upstream (128.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 115.13.0esr / 128.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-192-01 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2371-1 advisory.

    Update to Firefox Extended Support Release 115.13.0 ESR (MFSA 2024-30, bsc#1226316):

    - CVE-2024-6600: Memory corruption in WebGL API
    - CVE-2024-6601: Race condition in permission assignment
    - CVE-2024-6602: Memory corruption in NSS
    - CVE-2024-6603: Memory corruption in thread creation
    - CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13

    Other fixes:

    - Fix GNOME search provider (bsc#1225278)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6890-1 advisory.

    Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially     crafted website, an attacker could potentially exploit these to cause a denial of service, obtain     sensitive information across domains, or execute arbitrary code. (CVE-2024-6601, CVE-2024-6604,     CVE-2024-6607, CVE-2024-6608, CVE-2024-6610, CVE-2024-6611, CVE-2024-6612, CVE-2024-6613, CVE-2024-6614,     CVE-2024-6615)

    It was discovered that Firefox did not properly manage certain memory operations in the NSS. An attacker     could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
    (CVE-2024-6602, CVE-2024-6609)

    Irvan Kurniawan discovered that Firefox did not properly manage memory during thread creation. An attacker     could potentially exploit this issue to cause a denial of service, or execute arbitrary code.

    (CVE-2024-6603)

    It was discovered that Firefox incorrectly handled array accesses in the clipboard component, leading to     an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of     service or expose sensitive information. (CVE-2024-6606)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f9e8f7d3a7 advisory.

    - Updated to latest upstream (128.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-30 advisory.

  - Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could     occur when allocating more than 8192 ints in private shader memory on mac OS. (CVE-2024-6600)

  - A race condition could lead to a cross-origin container obtaining permissions of the top-level origin.
    (CVE-2024-6601)

  - A mismatch between allocator and deallocator could have lead to memory corruption. (CVE-2024-6602)

  - In an out-of-memory scenario an allocation could fail but free would have been called on the pointer     afterwards leading to memory corruption. (CVE-2024-6603)

  - Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-6604)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 115.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-30 advisory.

  - Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could     occur when allocating more than 8192 ints in private shader memory on mac OS. (CVE-2024-6600)

  - A race condition could lead to a cross-origin container obtaining permissions of the top-level origin.
    (CVE-2024-6601)

  - A mismatch between allocator and deallocator could have lead to memory corruption. (CVE-2024-6602)

  - In an out-of-memory scenario an allocation could fail but free would have been called on the pointer     afterwards leading to memory corruption. (CVE-2024-6603)

  - Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-6604)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 128.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-29 advisory.

  - Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking.
    (CVE-2024-6605)

  - Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds     read. (CVE-2024-6606)

  - It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay     customValidity notifications from a <code><select></code> element over certain permission prompts.
    This could be used to confuse a user into giving a site unintended permissions. (CVE-2024-6607)

  - It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor     outside of the viewport and the Firefox window. (CVE-2024-6608)

  - When almost out-of-memory an elliptic curve key which was never allocated could have been freed again.
    (CVE-2024-6609)

  - Form validation popups could capture escape key presses. Therefore, spamming form validation messages     could be used to prevent users from exiting full-screen mode. (CVE-2024-6610)

  - Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could     occur when allocating more than 8192 ints in private shader memory on mac OS. (CVE-2024-6600)

  - A race condition could lead to a cross-origin container obtaining permissions of the top-level origin.
    (CVE-2024-6601)

  - A mismatch between allocator and deallocator could have lead to memory corruption. (CVE-2024-6602)

  - In an out-of-memory scenario an allocation could fail but free would have been called on the pointer     afterwards leading to memory corruption. (CVE-2024-6603)

  - A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies.
    (CVE-2024-6611)

  - CSP violations generated links in the console tab of the developer tools, pointing to the violating     resource. This caused a DNS prefetch which leaked that a CSP violation happened. (CVE-2024-6612)

  - The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect     stack traces. (CVE-2024-6613, CVE-2024-6614)

  - Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-6604)

  - Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-6615)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 128.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-29 advisory.

  - Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking.
    (CVE-2024-6605)

  - Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds     read. (CVE-2024-6606)

  - It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay     customValidity notifications from a <code><select></code> element over certain permission prompts.
    This could be used to confuse a user into giving a site unintended permissions. (CVE-2024-6607)

  - It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor     outside of the viewport and the Firefox window. (CVE-2024-6608)

  - When almost out-of-memory an elliptic curve key which was never allocated could have been freed again.
    (CVE-2024-6609)

  - Form validation popups could capture escape key presses. Therefore, spamming form validation messages     could be used to prevent users from exiting full-screen mode. (CVE-2024-6610)

  - Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could     occur when allocating more than 8192 ints in private shader memory on mac OS. (CVE-2024-6600)

  - A race condition could lead to a cross-origin container obtaining permissions of the top-level origin.
    (CVE-2024-6601)

  - A mismatch between allocator and deallocator could have lead to memory corruption. (CVE-2024-6602)

  - In an out-of-memory scenario an allocation could fail but free would have been called on the pointer     afterwards leading to memory corruption. (CVE-2024-6603)

  - A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies.
    (CVE-2024-6611)

  - CSP violations generated links in the console tab of the developer tools, pointing to the violating     resource. This caused a DNS prefetch which leaked that a CSP violation happened. (CVE-2024-6612)

  - The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect     stack traces. (CVE-2024-6613, CVE-2024-6614)

  - Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-6604)

  - Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-6615)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
202387	Rocky Linux 9 : firefox (RLSA-2024:4500)	Nessus	Rocky Linux Local Security Checks	high
202377	RHEL 9 : firefox (RHSA-2024:4500)	Nessus	Red Hat Local Security Checks	high
202376	RHEL 8 : firefox (RHSA-2024:4517)	Nessus	Red Hat Local Security Checks	high
202375	RHEL 7 : firefox (RHSA-2024:4508)	Nessus	Red Hat Local Security Checks	high
202373	RHEL 9 : firefox (RHSA-2024:4501)	Nessus	Red Hat Local Security Checks	high
202273	Oracle Linux 8 : firefox (ELSA-2024-4517)	Nessus	Oracle Linux Local Security Checks	high
202254	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:2399-1)	Nessus	SuSE Local Security Checks	critical
202243	Oracle Linux 9 : firefox (ELSA-2024-4500)	Nessus	Oracle Linux Local Security Checks	critical
202167	Debian dsa-5727 : firefox-esr - security update	Nessus	Debian Local Security Checks	critical
202162	Fedora 39 : firefox (2024-fc815ee65f)	Nessus	Fedora Local Security Checks	critical
202150	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-192-01)	Nessus	Slackware Local Security Checks	critical
202101	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2371-1)	Nessus	SuSE Local Security Checks	critical
202049	Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6890-1)	Nessus	Ubuntu Local Security Checks	critical
202047	Fedora 40 : firefox (2024-f9e8f7d3a7)	Nessus	Fedora Local Security Checks	critical
202020	Mozilla Firefox ESR < 115.13	Nessus	MacOS X Local Security Checks	critical
202019	Mozilla Firefox ESR < 115.13	Nessus	Windows	critical
202018	Mozilla Firefox < 128.0	Nessus	MacOS X Local Security Checks	critical
202017	Mozilla Firefox < 128.0	Nessus	Windows	critical

Detections

Analytics

CVE-2024-6604

high

Tenable Plugins

high

high

high

high

high

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical