CVE-2024-29943: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability…

CVE-2024-29943 [CRITICAL] Firefox regressions Title: Firefox regressions Summary: USN-6710-1 caused some minor regressions in Firefox. USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943) Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944) Instructions: After a standard system update you nee

CVE-2024-29944 [CRITICAL] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943) Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944) Instructions: After a standard system update you need to restart Firefox to make all the necessary changes.

CVE-2024-29943 [CRITICAL] CWE-125 Mozilla: Out-of-bounds access via Range Analysis bypass Mozilla: Out-of-bounds access via Range Analysis bypass An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. Statement: Red Hat Enterprise Linux ships Firefox Extended Support Release (ESR) and therefore it is not affected by this CVE. Package: firefox (Red Hat Enterprise Linux 6) - Not affected Package: firefox (Red Hat Enterprise Linux 7) - Not affected Package: firefox (Red Hat Enterprise Linux 8) - Not affected Package:

CVE-2024-29943 [CRITICAL] CWE-125 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this. Mariner: Marin

CVE-2024-29943 [CRITICAL] CVE-2024-29943: firefox - An attacker was able to perform an out-of-bounds read or write on a JavaScript o... An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. Scope: local sid: resolved (fixed in 124.0.1-1)

CVE-2024-29943 [CRITICAL] Mozilla Foundation Security Advisory 2024-15: CVE-2024-29943 Mozilla Foundation Security Advisory 2024-15 CVE: CVE-2024-29943 Product: Firefox Impact: critical Fixed in: Firefox 124.0.1

CVE-2024-29943 [CRITICAL] firefox regressions firefox regressions USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943) Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944)

CVE-2024-29943 [CRITICAL] firefox vulnerabilities firefox vulnerabilities Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943) Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944)

CVE-2024-29943 [CRITICAL] CWE-125 GHSA-gv5g-5832-j3rm: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

CVE-2024-29943 [CRITICAL] CVE-2024-29943: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin ## Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin ## Sergiu Gatlan The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions. Throughout the contest, they targeted enterprise technologies in the AI, web browser, virtualization, local privilege escalation, servers, enterprise applications, cloud-native/container, and automotive categories. According to Pwn2Own's rules , all targeted devices had all security updates installed and ran the latest operating system versions. While Tesla also provided two 2025 Tesla Model Y and 2024 Tesla Model 3 bench-top units, security researchers who joined the contest haven't registered any attempts in this category

CVE-2024-9680 [CRITICAL] Mozilla fixes Firefox zero-day actively exploited in attacks ## Mozilla fixes Firefox zero-day actively exploited in attacks ## Bill Toulas Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines. This type of flaw occurs when memory that has been freed is still used by the program, allowing malicious actors to add their own malicious data to the memory region to perform code execution. Animation timelines, part of Firefox's Web Animations API, are a mechanism that controls and synchronizes animations on web pages. "An attacker was able to achieve code execution in the content process by exploiting a

CVE-2024-29943 25th March – Threat Intelligence Report Latest Publications CPR Podcast Channel AI Research Web 3.0 Security Intelligence Reports ThreatCloud AI Threat Intelligence & Research Zero Day Protection Sandblast File Analysis About Us SUBSCRIBE 2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 ## 25th March – Threat Intelligence Report For the latest discoveries in cyber research for the week of 25th March, please download our Threat_Intelligence Bulletin . TOP ATTACKS AND BREACHES Japanese tech company Fujitsu discovered malware on its work computers, risking exposure of customer data. The company, a leading IT firm, detected unauthorized access that potentially allowed personal and customer information to be illicitly extracted. Immediate actions included isolating affected computers and enhancing mon

CVE-2024-29943 [CRITICAL] Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own ## Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own ## Sergiu Gatlan Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. Manfred Paul ( @_manfp ) earned a $100,000 award and 10 Master of Pwn points after exploiting an out-of-bounds (OOB) write flaw ( CVE-2024-29943 ) to gain remote code execution and escaping Mozilla Firefox's sandbox using an exposed dangerous function weakness ( CVE-2024-29944 ). Mozilla says the first vulnerability can let attackers access a JavaScript object out-of-bounds by exploiting range-based bounds check elimination on vulnerable systems. "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling