CVE-2024-9400 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox
Severity
8.8HIGHNVD
OSV9.8
EPSS
0.1%
top 66.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 1
Latest updateFeb 2
Description
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages7 packages
🔴Vulnerability Details
4GHSA▶
GHSA-99rj-hj9g-wrcv: A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compil↗2024-10-01
CVEList▶
CVE-2024-9400: A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compil↗2024-10-01
OSV▶
CVE-2024-9400: A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compil↗2024-10-01
📋Vendor Advisories
8Debian▶
CVE-2024-9400: firefox - A potential memory corruption vulnerability could be triggered if an attacker ha...↗2024