FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- double free error

Affected packages
firefox < 133.0,2
firefox-esr < 128.7.0
thunderbird < 133.0

Details

VuXML ID b65b1217-1887-11f0-a8ce-b42e991fc52e
Discovery 2024-11-26
Entry 2025-04-13

security@mozilla.org reports:

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption.

[source]

References

CVE Name CVE-2024-11704
URL https://nvd.nist.gov/vuln/detail/CVE-2024-11704

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.