Lucene search

[email protected]NVD:CVE-2024-3857

HistoryApr 16, 2024 - 4:15 p.m.

CVE-2024-3857

2024-04-1616:15:08

CWE-416

[email protected]

web.nvd.nist.gov

jit

code vulnerability

firefox

use-after-free

thunderbird

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

References

bugzilla.mozilla.org/show_bug.cgi?id=1886683

lists.debian.org/debian-lts-announce/2024/04/msg00012.html

lists.debian.org/debian-lts-announce/2024/04/msg00013.html

www.mozilla.org/security/advisories/mfsa2024-18/

www.mozilla.org/security/advisories/mfsa2024-19/

www.mozilla.org/security/advisories/mfsa2024-20/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2024-3857

cgr1 veracode1 debiancve1 redhatcve1 ubuntucve1 cvelist1 cve1 vulnrichment1 osv13 oraclelinux3 nessus51 almalinux2 rocky2 openvas22 redhat18 debian4 ubuntu3 mageia2 kaspersky3 mozilla3 slackware1 gentoo1