CVE-2024-1546: 
NixOS vulnerability analysis and mitigation

CVE-2024-1546 is a high-severity vulnerability discovered in Mozilla Firefox and Thunderbird that affects versions Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. The vulnerability involves an out-of-bounds memory read condition that occurs when storing and re-accessing data on a networking channel, where the length of buffers may have been confused (Mozilla Advisory, NVD).

The vulnerability stems from a confusion in buffer lengths during data handling in networking channels. When storing and re-accessing data, an out-of-bounds memory read can occur due to incorrect buffer size management. The issue specifically involves the NS_CopySegmentToBuffer function, where aCount could exceed the actual buffer size, leading to potential memory access violations. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to out-of-bounds memory reads, which might result in information disclosure or program crashes. In Thunderbird specifically, while the vulnerability exists, it cannot be exploited through email as scripting is disabled when reading mail, but it remains a potential risk in browser or browser-like contexts (Mozilla Advisory).

The vulnerability has been fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Users are strongly advised to upgrade to these versions or later. The fix involves explicitly transferring ownership of queued-up OnDataAvailableParams data buffers to prevent the out-of-bounds memory read condition (Mozilla Advisory, Debian Advisory).