CVE-2024-4775 — Missing Handler in Mozilla Firefox

CWE-431 — Missing Handler11 documents8 sources

Severity

5.9MEDIUMNVD

OSV8.8

EPSS

0.1%

top 79.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedMay 14

Latest updateMay 29

Description

An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.5 | Impact: 3.4

Affected Packages3 packages

▶CVEListV5mozilla/firefoxunspecified — 126

▶NVDmozilla/firefox< 126.0

▶Ubuntumozilla/firefox< 126.0+build2-0ubuntu0.20.04.1+1

🔴Vulnerability Details

OSV

firefox regressions↗2024-05-29

▶

OSV

firefox vulnerabilities↗2024-05-21

▶

OSV

CVE-2024-4775: An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined be↗2024-05-14

▶

CVEList

CVE-2024-4775: An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined be↗2024-05-14

▶

GHSA

GHSA-68c9-wp52-fpg7: An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined be↗2024-05-14

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2024-05-29

▶

Ubuntu

Firefox vulnerabilities↗2024-05-21

▶

Microsoft

▶

Debian

CVE-2024-4775: firefox - An iterator stop condition was missing when handling WASM code in the built-in p...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-21: CVE-2024-4775↗

▶