CVE-2024-1552Incorrect Conversion between Numeric Types in Mozilla Firefox

CWE-681Incorrect Conversion between Numeric TypesCWE-476NULL Pointer Dereference13 documents9 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 48.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedFeb 20
Latest updateMar 4

Description

Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

CVEListV5mozilla/firefoxunspecified123
NVDmozilla/firefox< 115.8.0+1
CVEListV5mozilla/firefox_esrunspecified115.8
CVEListV5mozilla/thunderbirdunspecified115.8
NVDmozilla/thunderbird< 115.8.0

Also affects: Debian Linux 10.0

🔴Vulnerability Details

3
OSV
CVE-2024-1552: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior2024-02-20
CVEList
CVE-2024-1552: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior2024-02-20
GHSA
GHSA-372x-c6rw-v8f9: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior2024-02-20

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2024-03-04
Ubuntu
Firefox vulnerabilities2024-02-22
Red Hat
Mozilla: Incorrect code generation on 32-bit ARM devices2024-02-20
Microsoft
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 1232024-02-13
Debian
CVE-2024-1552: firefox - Incorrect code generation could have led to unexpected numeric conversions and p...2024
CVE-2024-1552 — Mozilla Firefox vulnerability | cvebase