PT-2024-1982 · Mozilla+4 · Firefox+4

Ronald Crane

·

Published

2024-02-20

·

Updated

2025-03-14

·

CVE-2024-1556

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 123
Description The issue is related to the built-in profiler, where an incorrect object was checked for NULL, potentially leading to invalid memory access and undefined behavior. This problem only affects the application when the profiler is running. The vulnerability may allow a remote attacker to execute arbitrary code.
Recommendations For versions prior to 123, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the built-in profiler until a patch is available.

Exploit

Fix

Improper Check for Exceptional Conditions

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-754CWE-476

Related Identifiers

ALT-PU-2024-15839
ALT-PU-2024-2933
BDU:2024-01818
CVE-2024-1556
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:13728-1
OPENSUSE-SU-2024:14572-1
USN-6649-1
USN-6649-2

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Ubuntu