CVE-2024-3862Use of Uninitialized Resource in Mozilla Firefox

CWE-908Use of Uninitialized Resource10 documents7 sources
Severity
5.3MEDIUMNVD
OSV3.7
EPSS
0.1%
top 66.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedApr 16
Latest updateMay 2

Description

The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

CVEListV5mozilla/firefoxunspecified125
NVDmozilla/firefox< 125.0
Ubuntumozilla/firefox< 125.0.3+build1-0ubuntu0.20.04.1+1

🔴Vulnerability Details

5
OSV
firefox regressions2024-05-02
OSV
firefox vulnerabilities2024-04-24
GHSA
GHSA-fvvm-pp96-j72m: The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment2024-04-16
OSV
CVE-2024-3862: The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment2024-04-16
CVEList
CVE-2024-3862: The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment2024-04-16

📋Vendor Advisories

4
Ubuntu
Firefox regressions2024-05-02
Ubuntu
Firefox vulnerabilities2024-04-24
Debian
CVE-2024-3862: firefox - The MarkStack assignment operator, part of the JavaScript engine, could access u...2024
Mozilla
Mozilla Foundation Security Advisory 2024-18: CVE-2024-3862
CVE-2024-3862 — Use of Uninitialized Resource | cvebase