CVE-2024-7530
published 2024-08-06CVE-2024-7530: Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 129.0-1 (sid) | firefox 129.0-1 (sid) |
| mozilla | firefox | < 129.0 | 129.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 129.0.2+build1-0ubuntu0.20.04.1 | 129.0.2+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 129.0.1+build1-0ubuntu0.20.04.1 | 129.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 129 | 129 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
OSV
firefox regressions
osv·2024-08-21·CVSS 6.5
CVE-2024-7518 [MEDIUM] firefox regressions
firefox regressions
USN-6966-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-7518,
CVE-2024-7521, CVE-2024-7524, CVE-2024-7526, CVE-2024-7527, CVE-2024-7528,
CVE-2024-7529, CVE-2024-7530, CVE-2024-7531)
It was discovered that Firefox did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the san
OSV
firefox vulnerabilities
osv·2024-08-19·CVSS 6.5
CVE-2024-7518 [MEDIUM] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-7518,
CVE-2024-7521, CVE-2024-7524, CVE-2024-7526, CVE-2024-7527, CVE-2024-7528,
CVE-2024-7529, CVE-2024-7530, CVE-2024-7531)
It was discovered that Firefox did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)
Nan Wang discovered that Firefox did not properly handle type check in
WebAssembly. An attacker could potentially exploit this issue to execute
arbitrary code. (CVE
GHSA
GHSA-4xc3-7r7g-7vx3: Incorrect garbage collection interaction could have led to a use-after-free
ghsa_unreviewed·2024-08-06
CVE-2024-7530 [CRITICAL] CWE-416 GHSA-4xc3-7r7g-7vx3: Incorrect garbage collection interaction could have led to a use-after-free
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
OSV
CVE-2024-7530: Incorrect garbage collection interaction could have led to a use-after-free
osv·2024-08-06·CVSS 8.8
CVE-2024-7530 [HIGH] CVE-2024-7530: Incorrect garbage collection interaction could have led to a use-after-free
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
Ubuntu
Firefox regressions
vendor_ubuntu·2024-08-21·CVSS 6.5
[MEDIUM] Firefox regressions
Title: Firefox regressions
Summary: USN-6966-1 caused some minor regressions in Firefox.
USN-6966-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-7518,
CVE-2024-7521, CVE-2024-7524, CVE-2024-7526, CVE-2024-7527, CVE-2024-7528,
CVE-2024-7529, CVE-2024-7530, CVE-2024-7531)
It was discovered that Firefox did not properly manage certain memory
operations when processing graphics shared memo
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-08-19·CVSS 6.5
CVE-2024-7518 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-7518,
CVE-2024-7521, CVE-2024-7524, CVE-2024-7526, CVE-2024-7527, CVE-2024-7528,
CVE-2024-7529, CVE-2024-7530, CVE-2024-7531)
It was discovered that Firefox did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)
Nan Wang discovered that Firefox did not properly handle type check in
WebAssembly. An attacker coul
Debian
CVE-2024-7530: firefox - Incorrect garbage collection interaction could have led to a use-after-free. Thi...
vendor_debian·2024·CVSS 8.8
CVE-2024-7530 [HIGH] CVE-2024-7530: firefox - Incorrect garbage collection interaction could have led to a use-after-free. Thi...
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
Scope: local
sid: resolved (fixed in 129.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-33: CVE-2024-7530
vendor_mozilla·CVSS 8.8
CVE-2024-7530 [HIGH] Mozilla Foundation Security Advisory 2024-33: CVE-2024-7530
Mozilla Foundation Security Advisory 2024-33
CVE: CVE-2024-7530
Product: Firefox
Impact: low
Fixed in: Firefox 129
No detection rules found.
Nuclei
AVM FRITZ!Box 7530 AX - Unauthorized Access
nuclei·CVSS 7.5
CVE-2024-54767 [HIGH] AVM FRITZ!Box 7530 AX - Unauthorized Access
AVM FRITZ!Box 7530 AX - Unauthorized Access
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication.
Template:
id: CVE-2024-54767
info:
name: AVM FRITZ!Box 7530 AX - Unauthorized Access
author: DhiyaneshDK
severity: high
description: |
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication.
impact: |
Unauthenticated attackers can access sensitive device information including firmware version, serial numbers, and configuration details through the boxinfo XML endpoint.
remediation: |
Update AVM FRITZ!Box 7530 AX to a version later than 7.59 that addresses the unauthorized access
No writeups or analysis indexed.
2024-08-06
Published