CVE-2024-3858
published 2024-04-16CVE-2024-3858: It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 125.0.1-1 (sid) | firefox 125.0.1-1 (sid) |
| mozilla | firefox | < 125.0 | 125.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 125.0.3+build1-0ubuntu0.20.04.1 | 125.0.3+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 125.0.2+build1-0ubuntu0.20.04.2 | 125.0.2+build1-0ubuntu0.20.04.2 |
| mozilla | firefox | >= unspecified < 125 | 125 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
OSV
firefox regressions
osv·2024-05-02·CVSS 3.7
CVE-2024-3852 [LOW] firefox regressions
firefox regressions
USN-6747-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-3852,
CVE-2024-3864, CVE-2024-3865)
Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2
CONTINUATION frames. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2024-3302)
Gary Kwong discovered that Firefox did not properly manage memory when
running garbage collection during realm initialization
OSV
firefox vulnerabilities
osv·2024-04-24·CVSS 3.7
CVE-2024-3852 [LOW] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-3852,
CVE-2024-3864, CVE-2024-3865)
Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2
CONTINUATION frames. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2024-3302)
Gary Kwong discovered that Firefox did not properly manage memory when
running garbage collection during realm initialization. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-3853)
Lukas Bernhard discovered
GHSA
GHSA-hf5c-hjgx-rmrw: It was possible to mutate a JavaScript object so that the JIT could crash while tracing it
ghsa_unreviewed·2024-04-16
CVE-2024-3858 [HIGH] CWE-476 GHSA-hf5c-hjgx-rmrw: It was possible to mutate a JavaScript object so that the JIT could crash while tracing it
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
OSV
CVE-2024-3858: It was possible to mutate a JavaScript object so that the JIT could crash while tracing it
osv·2024-04-16·CVSS 7.5
CVE-2024-3858 [HIGH] CVE-2024-3858: It was possible to mutate a JavaScript object so that the JIT could crash while tracing it
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
Ubuntu
Firefox regressions
vendor_ubuntu·2024-05-02·CVSS 3.7
[LOW] Firefox regressions
Title: Firefox regressions
Summary: USN-6747-1 caused some minor regressions in Firefox.
USN-6747-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-3852,
CVE-2024-3864, CVE-2024-3865)
Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2
CONTINUATION frames. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2024-3302)
Gary Kwong discovered that Firefox did not properly man
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-04-24·CVSS 3.7
CVE-2024-3853 [LOW] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-3852,
CVE-2024-3864, CVE-2024-3865)
Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2
CONTINUATION frames. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2024-3302)
Gary Kwong discovered that Firefox did not properly manage memory when
running garbage collection during realm initialization. An attacker could
potentially exploit this issue to cause a denial of service, or ex
Debian
CVE-2024-3858: firefox - It was possible to mutate a JavaScript object so that the JIT could crash while ...
vendor_debian·2024·CVSS 7.5
CVE-2024-3858 [HIGH] CVE-2024-3858: firefox - It was possible to mutate a JavaScript object so that the JIT could crash while ...
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
Scope: local
sid: resolved (fixed in 125.0.1-1)
Mozilla
Mozilla Foundation Security Advisory 2024-18: CVE-2024-3858
vendor_mozilla·CVSS 7.5
CVE-2024-3858 [HIGH] Mozilla Foundation Security Advisory 2024-18: CVE-2024-3858
Mozilla Foundation Security Advisory 2024-18
CVE: CVE-2024-3858
Product: Firefox
Impact: high
Fixed in: Firefox 125
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-16
Published