What is the severity of CVE-2024-4777?

CVE-2024-4777 is classified as a memory safety bug that poses a risk of arbitrary code execution.

How do I fix CVE-2024-4777?

To fix CVE-2024-4777, update to Firefox 126, Firefox ESR 115.11 or later, or Thunderbird 115.11 or later.

CVE-2024-4777 affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10.

There is currently no public exploit for CVE-2024-4777, but its memory safety issues suggest potential for exploitation.

The vendor for the affected products in CVE-2024-4777 is Mozilla.

8.8

CWE

787

EPSS

0.044%

14/5/2024

22/1/2025

First published: Tue May 14 2024(Updated: )

Last updated 24 July 2024

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
redhat/firefox	<115.11	115.11
redhat/thunderbird	<115.11	115.11
debian/firefox		130.0.1-1
debian/firefox-esr		115.14.0esr-1~deb11u1 115.15.0esr-1~deb11u1 115.14.0esr-1~deb12u1 115.15.0esr-1~deb12u1 115.15.0esr-1
debian/thunderbird		1:115.12.0-1~deb11u1 1:115.15.0-1~deb11u1 1:115.12.0-1~deb12u1 1:115.15.0-1~deb12u1 1:128.2.0esr-1 1:128.2.1esr-1
Thunderbird	<115.11	115.11
Firefox	<115.11.0
Firefox	<126.0
Thunderbird	<115.11.0
Debian	=10.0
Firefox	<126	126
Firefox ESR	<115.11	115.11

(Appears in the following advisories)

(Found alongside the following vulnerabilities)

What is the severity of CVE-2024-4777?
CVE-2024-4777 is classified as a memory safety bug that poses a risk of arbitrary code execution.
How do I fix CVE-2024-4777?
To fix CVE-2024-4777, update to Firefox 126, Firefox ESR 115.11 or later, or Thunderbird 115.11 or later.
What products are affected by CVE-2024-4777?
CVE-2024-4777 affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10.
Is there a known exploit for CVE-2024-4777?
There is currently no public exploit for CVE-2024-4777, but its memory safety issues suggest potential for exploitation.
Who is the vendor for the products affected by CVE-2024-4777?
The vendor for the affected products in CVE-2024-4777 is Mozilla.