CVE-2024-6606

Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1902305	Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-29/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-32/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1902305	Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-29/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-32/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

History

04 Apr 2025, 14:42

Type	Values Removed	Values Added
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1902305 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1902305 - Issue Tracking
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-29/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-29/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-32/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-32/ - Vendor Advisory
First Time		Mozilla firefox Mozilla thunderbird Mozilla
CPE		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:thunderbird::::::::

25 Mar 2025, 14:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.2

09 Jan 2025, 22:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : unknown
CWE		CWE-125

26 Nov 2024, 14:15

Type	Values Removed	Values Added
Summary	~~(en) Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128.~~	(en) Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128.

21 Nov 2024, 09:49

Type	Values Removed	Values Added
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1902305 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1902305 -
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-29/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-29/ -
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-32/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-32/ -

16 Jul 2024, 18:15

Type	Values Removed	Values Added
References		() https://www.mozilla.org/security/advisories/mfsa2024-32/ -
Summary	~~(en) Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds read. This vulnerability affects Firefox < 128.~~	(en) Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128.

11 Jul 2024, 15:06

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
Summary		(es) El código del portapapeles no pudo verificar el índice en un acceso a la matriz. Esto podría haber dado lugar a una lectura fuera de los límites. Esta vulnerabilidad afecta a Firefox < 128.

09 Jul 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-09 15:15

Updated : 2025-04-04 14:42

NVD link : CVE-2024-6606

Mitre link : CVE-2024-6606

CVE.ORG link : CVE-2024-6606

JSON object : View

Products Affected

mozilla

thunderbird
firefox

CWE

CWE-125

Out-of-bounds Read

8.2 /10