CVE-2024-3860 — Mozilla Firefox vulnerability

Vendor	Product	Version range	Fixed in
debian	firefox	< firefox 125.0.1-1 (sid)	firefox 125.0.1-1 (sid)
mozilla	firefox	< 125.0	125.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 125.0.3+build1-0ubuntu0.20.04.1	125.0.3+build1-0ubuntu0.20.04.1
mozilla	firefox	>= 0 < 125.0.2+build1-0ubuntu0.20.04.2	125.0.2+build1-0ubuntu0.20.04.2
mozilla	firefox	>= unspecified < 125	125

OSV

firefox regressions

osv·2024-05-02·CVSS 3.7

CVE-2024-3852 [LOW] firefox regressions firefox regressions USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization

OSV

firefox vulnerabilities

osv·2024-04-24·CVSS 3.7

CVE-2024-3852 [LOW] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-3853) Lukas Bernhard discovered

OSV

CVE-2024-3860: An out-of-memory condition during object initialization could result in an empty shape list

osv·2024-04-16·CVSS 6.2

CVE-2024-3860 [MEDIUM] CVE-2024-3860: An out-of-memory condition during object initialization could result in an empty shape list An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125.

GHSA

GHSA-f985-cwrv-f4qp: An out-of-memory condition during object initialization could result in an empty shape list

ghsa_unreviewed·2024-04-16

CVE-2024-3860 [MEDIUM] CWE-401 GHSA-f985-cwrv-f4qp: An out-of-memory condition during object initialization could result in an empty shape list An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125.

Ubuntu

Firefox regressions

vendor_ubuntu·2024-05-02·CVSS 3.7

[LOW] Firefox regressions Title: Firefox regressions Summary: USN-6747-1 caused some minor regressions in Firefox. USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly man

Ubuntu

Firefox vulnerabilities

vendor_ubuntu·2024-04-24·CVSS 3.7

CVE-2024-3853 [LOW] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or ex

Debian

CVE-2024-3860: firefox - An out-of-memory condition during object initialization could result in an empty...

vendor_debian·2024·CVSS 6.2

CVE-2024-3860 [MEDIUM] CVE-2024-3860: firefox - An out-of-memory condition during object initialization could result in an empty... An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125. Scope: local sid: resolved (fixed in 125.0.1-1)

Mozilla

Mozilla Foundation Security Advisory 2024-18: CVE-2024-3860

vendor_mozilla·CVSS 6.2

CVE-2024-3860 [MEDIUM] Mozilla Foundation Security Advisory 2024-18: CVE-2024-3860 Mozilla Foundation Security Advisory 2024-18 CVE: CVE-2024-3860 Product: Firefox Impact: high Fixed in: Firefox 125

CVE-2024-3860: An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This…

Affected

CVSS provenance