CVE-2024-2606 — Incorrect Type Conversion or Cast in Mozilla Firefox

CWE-704 — Incorrect Type Conversion or Cast9 documents8 sources

Severity

3.7LOWNVD

OSV6.5

EPSS

0.2%

top 58.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedMar 19

Latest updateMar 20

Description

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5mozilla/firefoxunspecified — 124

▶NVDmozilla/firefox< 124.0

▶Ubuntumozilla/firefox< 124.0+build1-0ubuntu0.20.04.1

🔴Vulnerability Details

OSV

firefox vulnerabilities↗2024-03-20

▶

CVEList

CVE-2024-2606: Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values↗2024-03-19

▶

GHSA

GHSA-ww69-c6p5-r54m: Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values↗2024-03-19

▶

OSV

CVE-2024-2606: Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values↗2024-03-19

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2024-03-20

▶

Microsoft

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.↗2024-03-12

▶

Debian

CVE-2024-2606: firefox - Passing invalid data could have led to invalid wasm values being created, such a...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-12: CVE-2024-2606↗

▶