CVE-2024-3862 — Use of Uninitialized Resource

Vendor	Product	Version range	Fixed in
debian	firefox	< firefox 125.0.1-1 (sid)	firefox 125.0.1-1 (sid)
mozilla	firefox	< 125.0	125.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 125.0.3+build1-0ubuntu0.20.04.1	125.0.3+build1-0ubuntu0.20.04.1
mozilla	firefox	>= 0 < 125.0.2+build1-0ubuntu0.20.04.2	125.0.2+build1-0ubuntu0.20.04.2
mozilla	firefox	>= unspecified < 125	125

OSV

firefox regressions

osv·2024-05-02·CVSS 3.7

CVE-2024-3852 [LOW] firefox regressions firefox regressions USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization

OSV

firefox vulnerabilities

osv·2024-04-24·CVSS 3.7

CVE-2024-3852 [LOW] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-3853) Lukas Bernhard discovered

GHSA

GHSA-fvvm-pp96-j72m: The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment

ghsa_unreviewed·2024-04-16

CVE-2024-3862 [MEDIUM] CWE-908 GHSA-fvvm-pp96-j72m: The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125.

OSV

CVE-2024-3862: The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment

osv·2024-04-16·CVSS 5.3

CVE-2024-3862 [MEDIUM] CVE-2024-3862: The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125.

Ubuntu

Firefox regressions

vendor_ubuntu·2024-05-02·CVSS 3.7

[LOW] Firefox regressions Title: Firefox regressions Summary: USN-6747-1 caused some minor regressions in Firefox. USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly man

Ubuntu

Firefox vulnerabilities

vendor_ubuntu·2024-04-24·CVSS 3.7

CVE-2024-3853 [LOW] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-3852, CVE-2024-3864, CVE-2024-3865) Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or ex

Debian

CVE-2024-3862: firefox - The MarkStack assignment operator, part of the JavaScript engine, could access u...

vendor_debian·2024·CVSS 5.3

CVE-2024-3862 [MEDIUM] CVE-2024-3862: firefox - The MarkStack assignment operator, part of the JavaScript engine, could access u... The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125. Scope: local sid: resolved (fixed in 125.0.1-1)

Mozilla

Mozilla Foundation Security Advisory 2024-18: CVE-2024-3862

vendor_mozilla·CVSS 5.3

CVE-2024-3862 [MEDIUM] Mozilla Foundation Security Advisory 2024-18: CVE-2024-3862 Mozilla Foundation Security Advisory 2024-18 CVE: CVE-2024-3862 Product: Firefox Impact: high Fixed in: Firefox 125

CVE-2024-3862: The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability…

Affected

CVSS provenance