CVE-2024-8394: Use After Free

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1895737
• https://www.mozilla.org/security/advisories/mfsa2024-43/
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/
• https://access.redhat.com/errata/RHSA-2024:6684
• https://access.redhat.com/errata/RHSA-2024:6683
• https://access.redhat.com/errata/RHSA-2024:6722
• https://access.redhat.com/errata/RHSA-2024:6720
• https://access.redhat.com/errata/RHSA-2024:6723
• https://access.redhat.com/errata/RHSA-2024:6721
• https://access.redhat.com/errata/RHSA-2024:6719
• https://access.redhat.com/errata/RHSA-2024:6816
• https://bugzilla.redhat.com/show_bug.cgi?id=2310481

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2024-43

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2024-8394
• CVE-2024-8385
• CVE-2024-8381
• CVE-2024-8382
• CVE-2024-8384
• CVE-2024-8386
• CVE-2024-8387

Frequently Asked Questions

• What is the severity of CVE-2024-8394?

  CVE-2024-8394 has the potential for high severity due to the existence of a use-after-free vulnerability that could lead to crashes.

• How do I fix CVE-2024-8394?

  To resolve CVE-2024-8394, users should update their Mozilla Thunderbird to version 128.3 or later.

• What types of systems are affected by CVE-2024-8394?

  CVE-2024-8394 affects Mozilla Thunderbird versions up to and including 128.2.

• Can CVE-2024-8394 be exploited remotely?

  Yes, CVE-2024-8394 can potentially be exploited remotely during an OTR chat session verification process.

• What is a use-after-free vulnerability in the context of CVE-2024-8394?

  In the context of CVE-2024-8394, a use-after-free vulnerability occurs when memory is accessed after it has been freed, leading to crashes or potential code execution.