CVE-2024-6602: 
NixOS vulnerability analysis and mitigation

CVE-2024-6602 is a security vulnerability identified in Mozilla products that involves a mismatch between allocator and deallocator which could lead to memory corruption. The vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128 (Mozilla Advisory, NVD).

The vulnerability is classified with a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue stems from a mismatch between memory allocation and deallocation operations in the NSS (Network Security Services) component, which could result in memory corruption (CISA ADP).

The vulnerability could potentially lead to memory corruption in affected systems. Given the CVSS score and vector, successful exploitation could result in high impacts on confidentiality, integrity, and availability of the affected systems, with no special privileges or user interaction required (Mozilla Advisory).

The vulnerability has been fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 115.13, and Thunderbird 128. Users are advised to update to these or later versions to mitigate the risk (Mozilla Advisory, Red Hat).