CVE-2024-6609

8.8 HIGH

📋 TL;DR

A use-after-free vulnerability in Firefox and Thunderbird occurs when the browser is nearly out of memory: an elliptic curve key that was never actually allocated is freed anyway, which can lead to memory corruption and potentially code execution. Affects Firefox versions before 128 and Thunderbird versions before 128.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Thunderbird
Versions: Firefox < 128, Thunderbird < 128
Operating Systems: All platforms where Firefox/Thunderbird run
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability only triggers under low memory conditions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution allowing an attacker to take full control of the affected system.

🟠 Likely Case: Browser crash leading to denial of service or limited memory corruption.

🟢 If Mitigated: No impact if patched or if memory conditions don't trigger the vulnerability.

🌐 Internet-Facing: HIGH - Web browsers process untrusted internet content by design.
🏢 Internal Only: MEDIUM - Internal web applications could still trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Requires specific memory conditions to trigger, making reliable exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 128, Thunderbird 128

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-29/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Click menu → Help → About Firefox/Thunderbird.
3. Allow the automatic update to version 128 or higher.
4. Restart the application.

🔧 Temporary Workarounds

Memory limit adjustment (all platforms): increase available memory to reduce the likelihood of triggering the low-memory condition.

Disable JavaScript (all platforms): reduce attack surface by disabling JavaScript (impacts functionality).

🧯 If You Can't Patch

  • Restrict browser usage to trusted websites only
  • Implement application whitelisting to prevent unauthorized browser execution

🔍 How to Verify

Check if Vulnerable:

Check browser version in About dialog - if Firefox < 128 or Thunderbird < 128, vulnerable.

Check Version:

Run firefox --version or thunderbird --version from a terminal.

Verify Fix Applied:

Confirm version is Firefox ≥ 128 or Thunderbird ≥ 128 in About dialog.
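As an added example (not part of this advisory), a POSIX shell check that parses the output of firefox --version / thunderbird --version and reports whether the installed build predates the fixed release 128. The binary names and the version-line format (e.g. "Mozilla Firefox 127.0.2") are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): flag Firefox/Thunderbird builds older
# than the CVE-2024-6609 fix release (128). Assumes the binaries answer
# "--version" with a line whose last field is the version, e.g.
# "Mozilla Firefox 127.0.2" or "Thunderbird 115.12.1"; ESR/nightly suffixes
# such as "115.12.0esr" or "129.0a1" are tolerated since only the major is compared.

FIXED_MAJOR=128

# major_version LINE: print the text before the first dot of the last
# whitespace-separated field, i.e. the major version for a well-formed line.
major_version() {
    printf '%s\n' "$1" | awk '{ print $NF }' | cut -d. -f1
}

# is_vulnerable LINE: 0 if the major is below the fixed release (vulnerable),
# 1 if at or above it (patched), 2 if no numeric major could be parsed.
is_vulnerable() {
    major=$(major_version "$1")
    case "$major" in
        '' | *[!0-9]*) return 2 ;;
    esac
    [ "$major" -lt "$FIXED_MAJOR" ]
}

# check_installed NAME: run "NAME --version" if NAME is on PATH and report.
# Returns the is_vulnerable code, or 3 when the binary is not installed.
check_installed() {
    command -v "$1" >/dev/null 2>&1 || { echo "$1: not installed"; return 3; }
    line=$("$1" --version 2>/dev/null | head -n 1)
    rc=0
    is_vulnerable "$line" || rc=$?
    case "$rc" in
        0) echo "$1: $line -> VULNERABLE, update to $FIXED_MAJOR or later" ;;
        1) echo "$1: $line -> patched" ;;
        *) echo "$1: could not parse a version from '$line'" ;;
    esac
    return "$rc"
}

# scan_installed: check both products; returns 1 if any vulnerable build is found.
scan_installed() {
    found=0
    for app in firefox thunderbird; do
        if check_installed "$app"; then found=1; fi
    done
    return "$found"
}

scan_installed && echo "no vulnerable Firefox/Thunderbird build found on this host"
```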

📡 Detection & Monitoring

Log Indicators:

  • Browser crash logs with memory corruption signatures
  • Unexpected process termination

Network Indicators:

  • Unusual outbound connections following browser crashes

SIEM Query:

Process termination where (process_name contains 'firefox' OR process_name contains 'thunderbird') AND exit_code != 0
