CVE-2024-3855 — Out-of-bounds Read in Mozilla Firefox

CWE-125 — Out-of-bounds Read12 documents8 sources

Severity

6.5MEDIUMNVD

OSV4.7OSV3.7

EPSS

0.2%

top 62.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedApr 16

Latest updateJan 15

Description

In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5mozilla/firefoxunspecified — 125

▶NVDmozilla/firefox< 125.0

▶Ubuntumozilla/firefox< 125.0.3+build1-0ubuntu0.20.04.1+1

🔴Vulnerability Details

OSV

linux-raspi-5.4 vulnerabilities↗2025-01-15

▶

OSV

firefox regressions↗2024-05-02

▶

OSV

firefox vulnerabilities↗2024-04-24

▶

GHSA

GHSA-xc8j-mr73-m6wv: In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads↗2024-04-16

▶

OSV

CVE-2024-3855: In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads↗2024-04-16

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2024-05-02

▶

Ubuntu

Firefox vulnerabilities↗2024-04-24

▶

Debian

CVE-2024-3855: firefox - In certain cases the JIT incorrectly optimized MSubstr operations, which led to ...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-18: CVE-2024-3855↗

▶

💬Community

Bugzilla

CVE-2023-52639 kernel: KVM: s390: vsie: fix race during shadow creation↗2024-04-03

▶