CVE-2024-0745 — Out-of-bounds Write in Mozilla Firefox

Vendor	Product	Version range	Fixed in
debian	firefox	< firefox 122.0-1 (sid)	firefox 122.0-1 (sid)
mozilla	firefox	< 122.0	122.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 122.0+build2-0ubuntu0.20.04.1	122.0+build2-0ubuntu0.20.04.1
mozilla	firefox	>= 0 < 122.0.1+build1-0ubuntu0.20.04.1	122.0.1+build1-0ubuntu0.20.04.1
mozilla	firefox	>= unspecified < 122	122
msrc	azl3_mozjs_102.15.1-1_on_azure_linux_3.0	—	—

OSV

firefox regressions

osv·2024-02-07·CVSS 6.5

CVE-2024-0741 [MEDIUM] firefox regressions firefox regressions USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755) Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause

OSV

firefox vulnerabilities

osv·2024-01-29·CVSS 6.5

CVE-2024-0741 [MEDIUM] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755) Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-0746)

GHSA

GHSA-93gv-w5cx-phvx: The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow

ghsa_unreviewed·2024-01-23

CVE-2024-0745 [HIGH] CWE-121 GHSA-93gv-w5cx-phvx: The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.

OSV

CVE-2024-0745: The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow

osv·2024-01-23·CVSS 8.8

CVE-2024-0745 [HIGH] CVE-2024-0745: The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.

Ubuntu

Firefox regressions

vendor_ubuntu·2024-02-07·CVSS 6.5

[MEDIUM] Firefox regressions Title: Firefox regressions Summary: USN-6610-1 caused some minor regressions in Firefox. USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755) Cornel Ionce discovered that Firefox did not properly manage memory when opening the print pre

Ubuntu

Firefox vulnerabilities

vendor_ubuntu·2024-01-29·CVSS 6.5

CVE-2024-0745 [MEDIUM] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755) Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-0746) Instructions: After a standard system update yo

Red Hat

firefox: stack buffer overflow in WebAudio `OscillatorNode`

vendor_redhat·2024-01-23·CVSS 8.8

CVE-2024-0745 [HIGH] CWE-119 firefox: stack buffer overflow in WebAudio `OscillatorNode` firefox: stack buffer overflow in WebAudio `OscillatorNode` The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. A stack buffer overflow flaw was found in Firefox in the WebAudio `OscillatorNode` object. This flaw can lead to a potentially exploitable crash. Statement: This vulnerability only affects Non ESR versions of Firefox and we don't ship Non ESR. Package: firefox (Red Hat Enterprise Linux 6) - Not affected Package: firefox (Red Hat Enterprise Linux 7) - Not affected Package: firefox (Red Hat Enterprise Linux 8) - Not affected Package: firefox:flatpak/firefox (Red Hat Enterprise Linux 8) - Not affected Package: firefox (Red Hat Enterprise Linux 9) - N

Microsoft

The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.

vendor_msrc·2024-01-09·CVSS 8.8

CVE-2024-0745 [HIGH] CWE-787 The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this. Mariner: Mar

Debian

CVE-2024-0745: firefox - The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow....

vendor_debian·2024·CVSS 8.8

CVE-2024-0745 [HIGH] CVE-2024-0745: firefox - The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow.... The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. Scope: local sid: resolved (fixed in 122.0-1)

Mozilla

Mozilla Foundation Security Advisory 2024-01: CVE-2024-0745

vendor_mozilla·CVSS 8.8

CVE-2024-0745 [HIGH] Mozilla Foundation Security Advisory 2024-01: CVE-2024-0745 Mozilla Foundation Security Advisory 2024-01 CVE: CVE-2024-0745 Product: Firefox Impact: moderate Fixed in: Firefox 122

CVE-2024-0745: The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability…

Affected

CVSS provenance