{"id":"CVE-2024-2608","details":"`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer and leading to an out-of-bounds write. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.","modified":"2026-04-16T04:40:04.739497350Z","published":"2024-03-19T12:15:08.843Z","related":["ALSA-2024:1484","ALSA-2024:1485","ALSA-2024:1493","ALSA-2024:1494","CGA-w7j4-qcvp-74p7","SUSE-SU-2024:0971-1","SUSE-SU-2024:1002-1","SUSE-SU-2024:1147-1","openSUSE-SU-2024:13789-1","openSUSE-SU-2024:13795-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-12/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-13/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-14/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1880692"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2608.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.9.0"}]},{"events":[{"introduced":"0"},{"fixed":"124.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}