Home

Description

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

PUBLISHED Reserved 2024-03-21 | Published 2024-03-22 | Updated 2025-02-13 | Assigner mozilla

Problem types

Out-of-bounds access via Range Analysis bypass

Product status

Any version before 124.0.1
affected

Credits

Manfred Paul via Trend Micro's Zero Day Initiative

References

bugzilla.mozilla.org/show_bug.cgi?id=1886849

www.mozilla.org/security/advisories/mfsa2024-15/

www.openwall.com/lists/oss-security/2024/03/23/1

cve.org (CVE-2024-29943)

nvd.nist.gov (CVE-2024-29943)

Download JSON