CVE-2024-8394

Summary

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 128.2affected

Weaknesses

  • Crash when aborting verification of OTR chat

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References