CVE-2024-6613Information Exposure via Error Message in Mozilla Firefox

CWE-209Information Exposure via Error MessageCWE-440Expected Behavior ViolationCWE-276Incorrect Default PermissionsCWE-843Type ConfusionCWE-1068Inconsistency Between Implementation and Documented DesignCWE-125Out-of-bounds Read19 documents10 sources
Severity
5.5MEDIUMNVD
OSV4.7
EPSS
0.1%
top 77.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedJul 9
Latest updateNov 14

Description

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5mozilla/firefoxunspecified128
NVDmozilla/firefox< 128.0
CVEListV5mozilla/thunderbirdunspecified128
NVDmozilla/thunderbird< 128.0
Ubuntumozilla/firefox< 128.0+build2-0ubuntu0.20.04.1

🔴Vulnerability Details

4
OSV
firefox vulnerabilities2024-07-10
OSV
CVE-2024-6613: The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces2024-07-10
CVEList
Incorrect listing of stack frames2024-07-09
GHSA
GHSA-fj5c-r5jw-5wp8: The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces2024-07-09

📋Vendor Advisories

13
Red Hat
chromium-browser: Inappropriate implementation in Fullscreen2025-11-14
Microsoft
Chromium: CVE-2024-9121 Inappropriate implementation in V82024-09-10
Microsoft
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability2024-09-10
Microsoft
Chromium: CVE-2024-9120 Use after free in Dawn2024-09-10
Microsoft
Chromium: CVE-2024-9122 Type Confusion in V82024-09-10

🕵️Threat Intelligence

1
Bleepingcomputer
Google tags a tenth Chrome zero-day as exploited this year2024-08-26
CVE-2024-6613 — Information Exposure via Error Message | cvebase