CVE-2024-7652NULL Pointer Dereference in Mozilla Firefox

CWE-476NULL Pointer DereferenceCWE-843Type Confusion10 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 48.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedSep 6

Description

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

CVEListV5mozilla/firefoxunspecified128
NVDmozilla/firefox< 115.13.0+1
CVEListV5mozilla/firefox_esrunspecified115.13
CVEListV5mozilla/thunderbirdunspecified115.13+1
NVDmozilla/thunderbird116.0128.0+1

🔴Vulnerability Details

3
OSV
CVE-2024-7652: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption2024-09-06
GHSA
GHSA-crg5-c758-hm56: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption2024-09-06
CVEList
Type Confusion in Async Generators in Javascript Engine2024-09-06

📋Vendor Advisories

6
Red Hat
mozilla: Type Confusion in Async Generators in Javascript Engine2024-09-06
Debian
CVE-2024-7652: firefox - An error in the ECMA-262 specification relating to Async Generators could have r...2024
Mozilla
Mozilla Foundation Security Advisory 2024-31: CVE-2024-7652
Mozilla
Mozilla Foundation Security Advisory 2024-30: CVE-2024-7652
Mozilla
Mozilla Foundation Security Advisory 2024-32: CVE-2024-7652
CVE-2024-7652 — NULL Pointer Dereference in Mozilla | cvebase