CVE-2024-29944: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This…

CVE-2024-29943 [CRITICAL] Firefox regressions Title: Firefox regressions Summary: USN-6710-1 caused some minor regressions in Firefox. USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943) Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944) Instructions: After a standard system update you nee

CVE-2024-29944 [CRITICAL] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943) Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944) Instructions: After a standard system update you need to restart Firefox to make all the necessary changes.

CVE-2024-29944 [HIGH] CWE-94 Mozilla: Privileged JavaScript Execution via Event Handlers Mozilla: Privileged JavaScript Execution via Event Handlers An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: firefox-flatpak-container (Red Hat Enterprise Linux 9) - Affected

CVE-2024-29944 [HIGH] CVE-2024-29944: firefox - An attacker was able to inject an event handler into a privileged object that wo... An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. Scope: local sid: resolved (fixed in 124.0.1-1)

CVE-2024-29944 [HIGH] Mozilla Foundation Security Advisory 2024-16: CVE-2024-29944 Mozilla Foundation Security Advisory 2024-16 CVE: CVE-2024-29944 Product: Firefox ESR Impact: critical Fixed in: Firefox ESR 115.9.1

CVE-2024-29944 [HIGH] Mozilla Foundation Security Advisory 2024-15: CVE-2024-29944 Mozilla Foundation Security Advisory 2024-15 CVE: CVE-2024-29944 Product: Firefox Impact: critical Fixed in: Firefox 124.0.1

CVE-2024-29943 [CRITICAL] firefox regressions firefox regressions USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943) Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944)

CVE-2024-29943 [CRITICAL] firefox vulnerabilities firefox vulnerabilities Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943) Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944)

CVE-2024-29944 [HIGH] CVE-2024-29944: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

CVE-2024-29944 [HIGH] CWE-830 GHSA-cm37-53wc-mx6g: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin ## Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin ## Sergiu Gatlan The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions. Throughout the contest, they targeted enterprise technologies in the AI, web browser, virtualization, local privilege escalation, servers, enterprise applications, cloud-native/container, and automotive categories. According to Pwn2Own's rules , all targeted devices had all security updates installed and ran the latest operating system versions. While Tesla also provided two 2025 Tesla Model Y and 2024 Tesla Model 3 bench-top units, security researchers who joined the contest haven't registered any attempts in this category

CVE-2024-9680 [CRITICAL] Mozilla fixes Firefox zero-day actively exploited in attacks ## Mozilla fixes Firefox zero-day actively exploited in attacks ## Bill Toulas Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines. This type of flaw occurs when memory that has been freed is still used by the program, allowing malicious actors to add their own malicious data to the memory region to perform code execution. Animation timelines, part of Firefox's Web Animations API, are a mechanism that controls and synchronizes animations on web pages. "An attacker was able to achieve code execution in the content process by exploiting a

CVE-2024-29943 25th March – Threat Intelligence Report Latest Publications CPR Podcast Channel AI Research Web 3.0 Security Intelligence Reports ThreatCloud AI Threat Intelligence & Research Zero Day Protection Sandblast File Analysis About Us SUBSCRIBE 2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 ## 25th March – Threat Intelligence Report For the latest discoveries in cyber research for the week of 25th March, please download our Threat_Intelligence Bulletin . TOP ATTACKS AND BREACHES Japanese tech company Fujitsu discovered malware on its work computers, risking exposure of customer data. The company, a leading IT firm, detected unauthorized access that potentially allowed personal and customer information to be illicitly extracted. Immediate actions included isolating affected computers and enhancing mon

CVE-2024-29943 [CRITICAL] Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own ## Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own ## Sergiu Gatlan Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. Manfred Paul ( @_manfp ) earned a $100,000 award and 10 Master of Pwn points after exploiting an out-of-bounds (OOB) write flaw ( CVE-2024-29943 ) to gain remote code execution and escaping Mozilla Firefox's sandbox using an exposed dangerous function weakness ( CVE-2024-29944 ). Mozilla says the first vulnerability can let attackers access a JavaScript object out-of-bounds by exploiting range-based bounds check elimination on vulnerable systems. "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling