Unrated severityNVD Advisory· Published Sep 6, 2024· Updated Mar 19, 2025
CVE-2024-8394
CVE-2024-8394
Description
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords8 versionspkg:deb/ubuntu/thunderbirdpkg:rpm/almalinux/thunderbirdpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
>= 0+ 7 more
- (no CPE)range: >= 0
- (no CPE)range: < 128.2.0-1.el9_4.alma.1
- (no CPE)range: < 128.2.3-150200.8.177.1
- (no CPE)range: < 128.2.3-150200.8.177.1
- (no CPE)range: < 128.2.3-150200.8.177.1
- (no CPE)range: < 128.2.3-150200.8.177.1
- (no CPE)range: < 128.2.3-150200.8.177.1
- (no CPE)range: < 128.2.3-150200.8.177.1
- Range: unspecified
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.