CVE-2024-9400
published 2024-10-01CVE-2024-9400: A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 131.0-1 (sid) | firefox 131.0-1 (sid) |
| debian | thunderbird | < firefox 131.0-1 (sid) | firefox 131.0-1 (sid) |
| mozilla | firefox | < 128.3.0 | 128.3.0 |
| mozilla | firefox | < 131.0 | 131.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 131.0+build1.1-0ubuntu0.20.04.1 | 131.0+build1.1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 131 | 131 |
| mozilla | firefox_esr | >= unspecified < 128.3 | 128.3 |
| mozilla | thunderbird | < 128.3.0 | 128.3.0 |
| mozilla | thunderbird | >= 0 < 1:128.3.0esr-1 | 1:128.3.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.3.0esr-1 | 1:128.3.0esr-1 |
| mozilla | thunderbird | >= 129.0 < 131.0 | 131.0 |
| mozilla | thunderbird | >= unspecified < 128.3 | 128.3 |
| mozilla | thunderbird | >= unspecified < 131 | 131 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv9.8CRITICAL
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2026-02-02
CVE-2025-8031 Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-10-07·CVSS 9.8
CVE-2024-9394 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-9392,
CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
CVE-2024-9401, CVE-2024-9402, CVE-2024-9403)
Masato Kinugawa discovered that Firefox did not properly validate
javascript under the "resource://pdf.js" origin. An attacker could
potentially exploit this issue to execute arbitrary javascript code and
access cross-origin PDF content. (CVE-2024-9393)
Masato Kinugawa discovered that Firefox did not properl
Red Hat
firefox: thunderbird: Potential memory corruption during JIT compilation
vendor_redhat·2024-10-01·CVSS 8.8
CVE-2024-9400 [HIGH] CWE-789 firefox: thunderbird: Potential memory corruption during JIT compilation
firefox: thunderbird: Potential memory corruption during JIT compilation
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
The Mozilla Foundation's Security Advisory: A potential memory corruption vulnerability could be triggered if an attacker has the ability to trigger an OOM at a specific moment during JIT compilation.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 10) - Affected
Package: thunderbird (Red Hat Enterprise Linux 10) - Affected
Package:
Debian
CVE-2024-9400: firefox - A potential memory corruption vulnerability could be triggered if an attacker ha...
vendor_debian·2024·CVSS 8.8
CVE-2024-9400 [HIGH] CVE-2024-9400: firefox - A potential memory corruption vulnerability could be triggered if an attacker ha...
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Scope: local
sid: resolved (fixed in 131.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-46: CVE-2024-9400
vendor_mozilla·CVSS 8.8
CVE-2024-9400 [HIGH] Mozilla Foundation Security Advisory 2024-46: CVE-2024-9400
Mozilla Foundation Security Advisory 2024-46
CVE: CVE-2024-9400
Product: Firefox
Impact: high
Fixed in: Firefox 131
Mozilla
Mozilla Foundation Security Advisory 2024-49: CVE-2024-9400
vendor_mozilla·CVSS 8.8
CVE-2024-9400 [HIGH] Mozilla Foundation Security Advisory 2024-49: CVE-2024-9400
Mozilla Foundation Security Advisory 2024-49
CVE: CVE-2024-9400
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.3
Mozilla
Mozilla Foundation Security Advisory 2024-47: CVE-2024-9400
vendor_mozilla·CVSS 8.8
CVE-2024-9400 [HIGH] Mozilla Foundation Security Advisory 2024-47: CVE-2024-9400
Mozilla Foundation Security Advisory 2024-47
CVE: CVE-2024-9400
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 128.3
Mozilla
Mozilla Foundation Security Advisory 2024-50: CVE-2024-9400
vendor_mozilla·CVSS 8.8
CVE-2024-9400 [HIGH] Mozilla Foundation Security Advisory 2024-50: CVE-2024-9400
Mozilla Foundation Security Advisory 2024-50
CVE: CVE-2024-9400
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 131
OSV
firefox vulnerabilities
osv·2024-10-07·CVSS 9.8
CVE-2024-9392 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-9392,
CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
CVE-2024-9401, CVE-2024-9402, CVE-2024-9403)
Masato Kinugawa discovered that Firefox did not properly validate
javascript under the "resource://pdf.js" origin. An attacker could
potentially exploit this issue to execute arbitrary javascript code and
access cross-origin PDF content. (CVE-2024-9393)
Masato Kinugawa discovered that Firefox did not properly validate
javascript under the "resource://devtools" origin. An
GHSA
GHSA-99rj-hj9g-wrcv: A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compil
ghsa_unreviewed·2024-10-01
CVE-2024-9400 [HIGH] CWE-119 GHSA-99rj-hj9g-wrcv: A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compil
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
OSV
CVE-2024-9400: A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compil
osv·2024-10-01·CVSS 8.8
CVE-2024-9400 [HIGH] CVE-2024-9400: A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compil
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-01
Published