CVE-2024-0743
📋 TL;DR
This vulnerability involves an unchecked return value in TLS handshake code in Mozilla products, which could cause a potentially exploitable crash. It affects users of Firefox versions before 122, Firefox ESR before 115.9, and Thunderbird before 115.9.
💻 Affected Systems
- Mozilla Firefox
- Mozilla Firefox ESR
- Mozilla Thunderbird
📦 What is this software?
Firefox by Mozilla
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise if an attacker can trigger the crash in a controlled manner.
Likely Case
Denial of service through application crash during TLS handshake, potentially disrupting secure communications.
If Mitigated
Application instability or unexpected termination without further compromise if the crash is not exploitable.
🎯 Exploit Status
Exploitation requires triggering the TLS handshake flaw, which could be done via malicious websites or email servers. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firefox 122, Firefox ESR 115.9, Thunderbird 115.9
Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-01/
Restart Required: Yes
Instructions:
1. Open the affected application.
2. Go to Help > About Firefox/Thunderbird.
3. Allow the application to check for and install updates.
4. Restart the application when prompted.
🔧 Temporary Workarounds
Disable TLS connections
Prevent the application from making TLS connections; this avoids triggering the vulnerability but breaks secure web browsing and email.
🧯 If You Can't Patch
- Restrict network access to only trusted websites and email servers
- Use alternative browsers/email clients until patches can be applied
🔍 How to Verify
Check if Vulnerable:
Check the application version in Help > About Firefox/Thunderbird and compare it to the affected versions.
Check Version:
Run firefox --version or thunderbird --version on the command line.
Verify Fix Applied:
Verify version is Firefox ≥122, Firefox ESR ≥115.9, or Thunderbird ≥115.9 after update.
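The version check above can be scripted so that fleet inventory does not rely on reading the About dialog by hand. The following is an added example written for this page, not Mozilla's own tooling or anything from the advisory: it classifies the banner printed by firefox --version / thunderbird --version against the fixed versions listed above (Firefox 122, Firefox ESR 115.9, Thunderbird 115.9). It assumes the banner formats "Mozilla Firefox 121.0.1", "Mozilla Firefox 115.8.0esr" and "Thunderbird 115.8.1", where the "esr" suffix is what distinguishes an ESR build from the regular release channel.

```shell
#!/bin/sh
# Added example for CVE-2024-0743 (not from the advisory or Mozilla).
# Classifies a "--version" banner as fixed or vulnerable.
# Assumed banner formats: "Mozilla Firefox 121.0.1",
# "Mozilla Firefox 115.8.0esr", "Thunderbird 115.8.1".

# cve_2024_0743_status BANNER
#   prints "fixed" or "vulnerable"; returns 0 when fixed, 1 when vulnerable,
#   2 (and prints "unknown") when the banner is not a recognised product.
cve_2024_0743_status() {
    banner="$1"
    # The version is the last whitespace-separated token of the banner.
    ver="${banner##* }"

    # Fixed versions from the advisory. ESR is matched before plain Firefox
    # because an ESR banner also contains the word "Firefox".
    case "$banner" in
        *Thunderbird*) fix_major=115; fix_minor=9 ;;
        *esr*)         fix_major=115; fix_minor=9 ;;
        *Firefox*)     fix_major=122; fix_minor=0 ;;
        *)             echo "unknown"; return 2 ;;
    esac

    # Strip the "esr" suffix and split "MAJOR.MINOR[.PATCH]" into its parts.
    ver="${ver%esr}"
    major="${ver%%.*}"
    rest="${ver#*.}"
    minor="${rest%%.*}"
    # A bare "122" with no dot leaves rest equal to ver; treat minor as 0.
    [ "$rest" = "$ver" ] && minor=0

    # Fixed when the major is newer, or the same major with minor >= fix.
    if [ "$major" -gt "$fix_major" ] || \
       { [ "$major" -eq "$fix_major" ] && [ "$minor" -ge "$fix_minor" ]; }; then
        echo "fixed"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# Check whatever is installed locally; binaries that are absent are skipped.
# "|| :" keeps a vulnerable result from aborting a script run under set -e.
for bin in firefox thunderbird; do
    if command -v "$bin" >/dev/null 2>&1; then
        printf '%s: ' "$bin"
        cve_2024_0743_status "$("$bin" --version 2>/dev/null)" || :
    fi
done
```

The exit status makes the function usable as a gate in a configuration-management or inventory job (for example, fail the job when any host reports "vulnerable"); the printed word is for human readers of the job log.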
📡 Detection & Monitoring
Log Indicators:
- Application crash logs mentioning TLS handshake
- Unexpected browser/email client termination
Network Indicators:
- Failed TLS handshakes followed by application termination
SIEM Query:
(source="*firefox*" OR source="*thunderbird*") AND (event="crash" OR event="terminated") AND message="*TLS*"
🔗 References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1867408
- https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
- https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html
- https://www.mozilla.org/security/advisories/mfsa2024-01/
- https://www.mozilla.org/security/advisories/mfsa2024-13/
- https://www.mozilla.org/security/advisories/mfsa2024-14/
- https://lists.debian.org/debian-lts-announce/2024/10/msg00028.html