CVE-2024-0752Use After Free in Mozilla Firefox

CWE-416Use After FreeCWE-400Uncontrolled Resource Consumption7 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 68.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedJan 23

Description

A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5mozilla/firefoxunspecified122
NVDmozilla/firefox< 122.0

🔴Vulnerability Details

2
CVEList
CVE-2024-0752: A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system2024-01-23
GHSA
GHSA-mff6-fp66-7vrp: A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system2024-01-23

📋Vendor Advisories

4
Red Hat
firefox: use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system2024-01-23
Microsoft
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox <2024-01-09
Debian
CVE-2024-0752: firefox - A use-after-free crash could have occurred on macOS if a Firefox update were bei...2024
Mozilla
Mozilla Foundation Security Advisory 2024-01: CVE-2024-0752
CVE-2024-0752 — Use After Free in Mozilla Firefox | cvebase