CVE-2024-3852 | THREATINT

Description

GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

PUBLISHED Reserved 2024-04-15 | Published 2024-04-16 | Updated 2024-08-01 | Assigner mozilla

Problem types

GetBoundName in the JIT returned the wrong object

Product status

Any version before 125

affected

Any version before 115.10

affected

Any version before 115.10

affected

Credits

Logan Stratton

References

bugzilla.mozilla.org/show_bug.cgi?id=1883542

lists.debian.org/debian-lts-announce/2024/04/msg00012.html

lists.debian.org/debian-lts-announce/2024/04/msg00013.html

www.mozilla.org/security/advisories/mfsa2024-18/

www.mozilla.org/security/advisories/mfsa2024-19/

www.mozilla.org/security/advisories/mfsa2024-20/

bugzilla.mozilla.org/show_bug.cgi?id=1883542

lists.debian.org/debian-lts-announce/2024/04/msg00012.html

lists.debian.org/debian-lts-announce/2024/04/msg00013.html

www.mozilla.org/security/advisories/mfsa2024-18/

www.mozilla.org/security/advisories/mfsa2024-19/

www.mozilla.org/security/advisories/mfsa2024-20/

cve.org (CVE-2024-3852)

nvd.nist.gov (CVE-2024-3852)

Download JSON