MFSA2025-09 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.7 (CVE-2024-11704)

发布于3月6日3月6日

Members

MFSA2025-09 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.7 (CVE-2024-11704)

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

11/26/2024

Created

02/05/2025

Added

02/05/2025

Modified

02/06/2025

Description

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.

Solution(s)

mozilla-firefox-esr-upgrade-128_7

References

https://attackerkb.com/topics/cve-2024-11704
CVE - 2024-11704
http://www.mozilla.org/security/announce/2025/mfsa2025-09.html

引用

Mention

查看数 695
已创建 3月6日3月6日
最后回复 3月6日3月6日

参与讨论

你可立刻发布并稍后注册。如果你有帐户，立刻登录发布帖子。

https://www.ishack.org/topic/44541.html/

粉丝

转到主题列表

登录

MFSA2025-09 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.7 (CVE-2024-11704)

recommended_posts

MFSA2025-09 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.7 (CVE-2024-11704)

Description

Solution(s)

References

参与讨论

欢迎来到红帽社区

帐户

导航

搜索