{"id":"CVE-2024-11704","details":"A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox \u003c 133, Thunderbird \u003c 133, Firefox ESR \u003c 128.7, and Thunderbird \u003c 128.7.","modified":"2026-02-04T02:42:13.824655Z","published":"2024-11-26T14:15:19Z","related":["CGA-j9h6-g735-jq74","MGASA-2025-0045","MGASA-2025-0048","SUSE-SU-2025:0374-1","SUSE-SU-2025:0391-1","SUSE-SU-2025:0405-1","openSUSE-SU-2024:14583-1","openSUSE-SU-2025:14727-1","openSUSE-SU-2025:14731-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-63/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-67/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-09/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-10/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1899402"}],"schema_version":"1.7.3"}