Memory safety bug present in Firefox 124, Firefox ESR 115.9, and
Thunderbird 115.9. This bug showed evidence of memory corruption and we
presume that with enough effort this could have been exploited to run
arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR <
115.10, and Thunderbird < 115.10.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | firefox | < 125.0.2+build1-0ubuntu0.20.04.2 | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2024-3864
nvd.nist.gov/vuln/detail/CVE-2024-3864
security-tracker.debian.org/tracker/CVE-2024-3864
ubuntu.com/security/notices/USN-6747-1
ubuntu.com/security/notices/USN-6750-1
www.cve.org/CVERecord?id=CVE-2024-3864
www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864