CVE-2024-0743
Mozilla: Crash in NSS TLS method
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
Un valor de retorno no verificado en el código de protocolo de enlace TLS podría haber causado un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 122.
The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash.
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-19 CVE Reserved
- 2024-01-23 CVE Published
- 2025-02-13 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-252: Unchecked Return Value
CAPEC
References (8)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mozilla.org/security/advisories/mfsa2024-01 | 2024-03-25 | |
| https://access.redhat.com/security/cve/CVE-2024-0743 | 2024-03-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2260012 | 2024-03-25 |