CVE-2024-3854: Out-of-bounds Read in Mozilla Firefox

CWE-125: Out-of-bounds Read (13 documents, 9 sources)

Severity: 8.8 HIGH (NVD)
EPSS: 1.0% (top 22.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 16; latest update May 18

Description

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (6 packages)

Source      Package               Affected range   Fixed version
CVEListV5   mozilla/firefox       unspecified      125
NVD         mozilla/firefox       < 115.10 (+1 further range)
CVEListV5   mozilla/firefox_esr   unspecified      115.10
CVEListV5   mozilla/thunderbird   unspecified      115.10
NVD         mozilla/thunderbird   < 115.10

Vulnerability Details (3)

GHSA
GHSA-xc66-q4x2-cwqx: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads (2024-04-16)
OSV
CVE-2024-3854: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads (2024-04-16)
CVEList
CVE-2024-3854: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads (2024-04-16)

Vendor Advisories (7)

Ubuntu
Thunderbird vulnerabilities (2024-04-25)
Ubuntu
Firefox vulnerabilities (2024-04-24)
Red Hat
Mozilla: Out-of-bounds-read after mis-optimized switch statement (2024-04-16)
Debian
CVE-2024-3854: firefox - In some code patterns the JIT incorrectly optimized switch statements and genera... (2024)
Mozilla
Mozilla Foundation Security Advisory 2024-19: CVE-2024-3854

Community (2)

Bugzilla
CVE-2023-52667 kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (2024-05-18)
Bugzilla
CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (2023-11-06)