Security Advisory

CVE-2024-3302

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-16 15:14:09

Last updated 2025-03-28 23:33:26

Assigner mozilla

State PUBLISHED

Description

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

← Browse all CVEs View on cve.org ↗