An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00595
Percentile: 0.68317

CVSS Scoring

Mapped CWE(s)

• CWE-704 : Incorrect Type Conversion or Cast

Affected Products

• cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
• cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
• cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

← Back to Home