PT-2024-2357 · Mozilla+4 · Firefox+4

Manfred Paul · Published 2024-03-22 · Updated 2026-01-29 · CVE-2024-29943

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 124.0.1

Description

The issue is an out-of-bounds read or write on a JavaScript object, caused by fooling range-based bounds check elimination. This can allow an attacker to read outside the expected values or execute arbitrary code remotely. The vulnerability is associated with the SpiderMonkey JIT Compiler.

Recommendations

For Firefox versions prior to 124.0.1, update to version 124.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the JavaScript engine or restricting its use until a patch is available. Avoid using the MObjectKeysLength::computeRange function in IonMonkey until the issue is resolved. Restrict access to the SpiderMonkey JIT Compiler to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024_1484
ALSA-2024_1485
ALSA-2024_1493
ALSA-2024_1494
ALSA-2024_1908
ALSA-2024_1912
ALSA-2024_1939
ALSA-2024_1940
ALSA-2025_16880
ALT-PU-2024-15839
ALT-PU-2024-4915
BDU:2024-02305
CVE-2024-29943
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:13795-1
OPENSUSE-SU-2024:14572-1
USN-6710-1
USN-6710-2
ZDI-24-664

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Ubuntu