PT-2024-2389 · Mozilla+4 · Firefox+4

P1Umer

Published

2024-03-19

Updated

2025-03-14

CVE-2024-2606

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 124

Description The issue is related to incorrect handling of WASM register values. Exploitation of this issue could allow a remote attacker to execute arbitrary code. The problem arises when invalid data is passed, potentially leading to the creation of invalid WASM values, such as converting arbitrary integers into pointer values.

Recommendations For versions prior to 124, update to version 124 or later to resolve the issue. As a temporary workaround, consider restricting the use of WASM functionality until a patch is available.

Exploit

Fix

Incorrect Type Conversion or Cast

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-704CWE-20

Related Identifiers

ALT-PU-2024-15839

ALT-PU-2024-4271

BDU:2024-02341

CVE-2024-2606

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:13795-1

OPENSUSE-SU-2024:14572-1

USN-6703-1

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2024-2389 · Mozilla+4 · Firefox+4

CVE-2024-2606

Weakness Enumeration

Related Identifiers

Affected Products

References · 2091