CVE-2024-8384

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Configurations

Configuration 1

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

History

06 Sep 2024, 17:15

Type Values Removed Values Added
References
  • () https://www.mozilla.org/security/advisories/mfsa2024-43/ -
  • () https://www.mozilla.org/security/advisories/mfsa2024-44/ -
Summary
  Removed: (en) The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
  Added: (en) The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

04 Sep 2024, 15:50

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
CWE CWE-787
First Time Mozilla
Mozilla firefox Esr
Mozilla firefox
Summary
  • (es) The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1911288 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1911288 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2024-39/ - () https://www.mozilla.org/security/advisories/mfsa2024-39/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-40/ - () https://www.mozilla.org/security/advisories/mfsa2024-40/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-41/ - () https://www.mozilla.org/security/advisories/mfsa2024-41/ - Vendor Advisory

03 Sep 2024, 16:35

Type Values Removed Values Added
CWE CWE-416
CVSS
  Removed: v2 : unknown, v3 : unknown
  Added: v2 : unknown, v3 : 9.8

03 Sep 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-03 13:15

Updated : 2024-09-06 17:15


NVD link : CVE-2024-8384

Mitre link : CVE-2024-8384

CVE.ORG link : CVE-2024-8384



Products Affected

mozilla

  • firefox
  • firefox_esr
CWE
CWE-787

Out-of-bounds Write

CWE-416

Use After Free