CVE-2024-7531
Published: 6 August 2024
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Notes
Author | Note |
---|---|
mdeslaur |
mozjs* contain a copy of the SpiderMonkey JavaScript engine. It is not feasible to backport security fixes to the mozjs* packages, as such, marking them as ignored. starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap starting with Ubuntu 24.04, the thunderbird package is just a script that installs the Thunderbird snap |
Priority
Status
Package | Release | Status |
---|---|---|
firefox
Launchpad, Ubuntu, Debian |
focal |
Released
(129.0.1+build1-0ubuntu0.20.04.1)
|
jammy |
Not vulnerable
(code not present)
|
|
noble |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
mozjs102
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
|
|
noble |
Ignored
|
|
upstream |
Needs triage
|
|
mozjs115
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
noble |
Ignored
|
|
upstream |
Needs triage
|
|
mozjs38
Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Needs triage
|
|
mozjs52
Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
focal |
Ignored
|
|
jammy |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Needs triage
|
|
mozjs68
Launchpad, Ubuntu, Debian |
focal |
Ignored
|
jammy |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Needs triage
|
|
mozjs78
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
|
|
noble |
Does not exist
|
|
upstream |
Needs triage
|
|
mozjs91
Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Ignored
|
|
noble |
Does not exist
|
|
upstream |
Needs triage
|
|
thunderbird
Launchpad, Ubuntu, Debian |
focal |
Needed
|
jammy |
Needed
|
|
noble |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
References
- https://www.cve.org/CVERecord?id=CVE-2024-7531
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7531
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531
- https://bugzilla.mozilla.org/show_bug.cgi?id=1905691
- https://www.mozilla.org/security/advisories/mfsa2024-33/
- https://www.mozilla.org/security/advisories/mfsa2024-34/
- https://www.mozilla.org/security/advisories/mfsa2024-35/
- https://ubuntu.com/security/notices/USN-6966-1
- NVD
- Launchpad
- Debian