CVE-2024-3853 — Use After Free in Mozilla Firefox

Vendor	Product	Version range	Fixed in
debian	firefox	< firefox 125.0.1-1 (sid)	firefox 125.0.1-1 (sid)
mozilla	firefox	< 125.0	125.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 125.0.3+build1-0ubuntu0.20.04.1	125.0.3+build1-0ubuntu0.20.04.1
mozilla	firefox	>= 0 < 125.0.2+build1-0ubuntu0.20.04.2	125.0.2+build1-0ubuntu0.20.04.2
mozilla	firefox	>= unspecified < 125	125

OSV

firefox regressions

osv·2024-05-02·CVSS 3.7

CVE-2024-3852 [LOW] firefox regressions firefox regressions USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization

OSV

firefox vulnerabilities

osv·2024-04-24·CVSS 3.7

CVE-2024-3852 [LOW] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-3853) Lukas Bernhard discovered

OSV

CVE-2024-3853: A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started

osv·2024-04-16·CVSS 7.5

CVE-2024-3853 [HIGH] CVE-2024-3853: A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.

GHSA

GHSA-p6j5-jrmm-j3w6: A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started

ghsa_unreviewed·2024-04-16

CVE-2024-3853 [HIGH] CWE-416 GHSA-p6j5-jrmm-j3w6: A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.

Ubuntu

Firefox regressions

vendor_ubuntu·2024-05-02·CVSS 3.7

[LOW] Firefox regressions Title: Firefox regressions Summary: USN-6747-1 caused some minor regressions in Firefox. USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly man

Ubuntu

Firefox vulnerabilities

vendor_ubuntu·2024-04-24·CVSS 3.7

CVE-2024-3853 [LOW] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or ex

Debian

CVE-2024-3853: firefox - A use-after-free could result if a JavaScript realm was in the process of being ...

vendor_debian·2024·CVSS 7.5

CVE-2024-3853 [HIGH] CVE-2024-3853: firefox - A use-after-free could result if a JavaScript realm was in the process of being ... A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125. Scope: local sid: resolved (fixed in 125.0.1-1)

Mozilla

Mozilla Foundation Security Advisory 2024-18: CVE-2024-3853

vendor_mozilla·CVSS 7.5

CVE-2024-3853 [HIGH] Mozilla Foundation Security Advisory 2024-18: CVE-2024-3853 Mozilla Foundation Security Advisory 2024-18 CVE: CVE-2024-3853 Product: Firefox Impact: high Fixed in: Firefox 125

CVE-2024-3853: A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects…

Affected

CVSS provenance