CVE-2024-10464: 
NixOS vulnerability analysis and mitigation

CVE-2024-10464 is a security vulnerability affecting Mozilla Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. The vulnerability was discovered by Andrei Enache and disclosed on October 29, 2024. It involves a potential Denial of Service condition that could be triggered through repeated writes to history interface attributes (Mozilla Advisory).

The vulnerability stems from an issue where repeated writes to history interface attributes could be exploited to cause a Denial of Service condition in the browser. Mozilla addressed this vulnerability by implementing rate-limiting to the API. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating network vector attack with low complexity requiring user interaction (NVD).

The primary impact of this vulnerability is on system availability. If exploited, it could cause a Denial of Service condition in the browser, potentially making it unresponsive. The CVSS scoring indicates high impact on availability while having no direct impact on confidentiality or integrity (NVD).

The vulnerability has been patched in Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132. The fix involves implementing rate-limiting to the history interface API to prevent the Denial of Service condition. Users are advised to upgrade to these or later versions to mitigate the vulnerability (Mozilla Advisory).