CVE-2024-4771Use After Free in Mozilla Firefox

CWE-416Use After Free10 documents7 sources
Severity
8.6HIGHNVD
OSV8.8
EPSS
0.6%
top 29.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedMay 14
Latest updateMay 29

Description

A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 3.9 | Impact: 4.7

Affected Packages3 packages

CVEListV5mozilla/firefoxunspecified126
NVDmozilla/firefox< 126.0
Ubuntumozilla/firefox< 126.0+build2-0ubuntu0.20.04.1+1

🔴Vulnerability Details

5
OSV
firefox regressions2024-05-29
OSV
firefox vulnerabilities2024-05-21
GHSA
GHSA-w694-6mxx-38mc: A memory allocation check was missing which would lead to a use-after-free if the allocation failed2024-05-14
CVEList
CVE-2024-4771: A memory allocation check was missing which would lead to a use-after-free if the allocation failed2024-05-14
OSV
CVE-2024-4771: A memory allocation check was missing which would lead to a use-after-free if the allocation failed2024-05-14

📋Vendor Advisories

4
Ubuntu
Firefox regressions2024-05-29
Ubuntu
Firefox vulnerabilities2024-05-21
Debian
CVE-2024-4771: firefox - A memory allocation check was missing which would lead to a use-after-free if th...2024
Mozilla
Mozilla Foundation Security Advisory 2024-21: CVE-2024-4771
CVE-2024-4771 — Use After Free in Mozilla Firefox | cvebase