CVE-2024-9936 — Race Condition in Mozilla Firefox

Vendor	Product	Version range	Fixed in
debian	firefox	< firefox 131.0.3-1 (sid)	firefox 131.0.3-1 (sid)
mozilla	firefox	< 131.0.3	131.0.3
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 131.0.3+build1-0ubuntu0.20.04.1	131.0.3+build1-0ubuntu0.20.04.1
mozilla	firefox	>= unspecified < 131.0.3	131.0.3

Ubuntu

Firefox vulnerability

vendor_ubuntu·2024-10-22

CVE-2024-9936 Firefox vulnerability Title: Firefox vulnerability Summary: Firefox could be made to crash or run programs as your login Atte Kettunen discovered that Firefox did not properly validate before inserting ranges into the selection node cache. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Instructions: After a standard system update you need to restart Firefox to make all the necessary changes.

Red Hat

firefox: Undefined behavior in selection node cache

vendor_redhat·2024-10-14·CVSS 6.5

CVE-2024-9936 [MEDIUM] CWE-754 firefox: Undefined behavior in selection node cache firefox: Undefined behavior in selection node cache When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. A flaw was found in Firefox. When manipulating the selection node cache, an attacker may be able to cause unexpected behavior, leading to an exploitable crash. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: firefox (Red Hat Enterprise Linux 7) - Not affected Package: firefox (Red Hat Enterprise Linux 8) - Not affected Package: firefox (Red Hat Enterprise Linux 9) - Not affected

Debian

CVE-2024-9936: firefox - When manipulating the selection node cache, an attacker may have been able to ca...

vendor_debian·2024·CVSS 6.5

CVE-2024-9936 [MEDIUM] CVE-2024-9936: firefox - When manipulating the selection node cache, an attacker may have been able to ca... When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. Scope: local sid: resolved (fixed in 131.0.3-1)

Mozilla

Mozilla Foundation Security Advisory 2024-53: CVE-2024-9936

vendor_mozilla·CVSS 6.5

CVE-2024-9936 [MEDIUM] Mozilla Foundation Security Advisory 2024-53: CVE-2024-9936 Mozilla Foundation Security Advisory 2024-53 CVE: CVE-2024-9936 Product: Firefox Impact: high Fixed in: Firefox 131.0.3

OSV

CVE-2024-9936: When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash

osv·2024-10-14·CVSS 6.5

CVE-2024-9936 [MEDIUM] CVE-2024-9936: When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.

GHSA

GHSA-8c7g-vx5g-cmpg: When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash

ghsa_unreviewed·2024-10-14

CVE-2024-9936 [MEDIUM] CWE-362 GHSA-8c7g-vx5g-cmpg: When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.

CVE-2024-9936: When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This…

Affected

CVSS provenance