CVE-2024-2613: High severity firefox vulnerability
Published Mar 19, 2024
·Updated
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash.
Affected Software
3 affected componentsFixes available
Mozilla Firefox<124
124
Mozilla Firefox<124.0
debian/firefox
137.0.2-1
Remediation
Patch Available
Event History
Mar 19, 2024
CVE Published
via Mozilla·12:00 AM
CVE Published
via MITRE·12:02 PM
Data Sourced
via MITRE·12:02 PM
DescriptionWeakness
Mar 28, 2024
Data Sourced
via Launchpad·08:18 AM
Description
Mar 3, 2025
Data Sourced
via Ubuntu·02:03 PM
RemedyDescriptionSeverityAffected Software
Mar 27, 2025
Data Sourced
via Debian·02:09 PM
DescriptionAffected Software
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
1
What is the severity of CVE-2024-2613?
CVE-2024-2613 is considered a moderate severity vulnerability due to its potential to cause memory consumption and crashes.
2
How do I fix CVE-2024-2613?
To mitigate CVE-2024-2613, update Firefox to version 124 or later.
3
Which versions of Firefox are affected by CVE-2024-2613?
Firefox versions prior to 124 are affected by CVE-2024-2613.
4
Can CVE-2024-2613 be exploited remotely?
Yes, CVE-2024-2613 could be exploited remotely through crafted QUIC ACK frames.
5
What are the impacts of CVE-2024-2613?
The impacts of CVE-2024-2613 include unrestricted memory consumption leading to application crashes.