PT-2024-3489 · Mozilla+10 · Thunderbird+12

Logan Stratton

Published

2024-04-15

Updated

2025-07-18

CVE-2024-3852

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 125 Firefox ESR versions prior to 115.10 Thunderbird versions prior to 115.10

Description The issue is related to the GetBoundName function, which could return the wrong version of an object when JIT optimizations were applied. This could potentially allow a remote attacker to execute arbitrary code. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Firefox versions prior to 125, update to version 125 or later. For Firefox ESR versions prior to 115.10, update to version 115.10 or later. For Thunderbird versions prior to 115.10, update to version 115.10 or later.

Exploit

Fix

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-386CWE-843

Related Identifiers

ALSA-2024:1908

ALSA-2024:1912

ALSA-2024:1939

ALSA-2024:1940

ALT-PU-2024-13897

ALT-PU-2024-14442

ALT-PU-2024-14892

ALT-PU-2024-15175

ALT-PU-2024-15839

ALT-PU-2024-15841

ALT-PU-2024-6719

ALT-PU-2024-6721

ALT-PU-2024-6765

BDU:2024-03791

CESA-2024_1912

CESA-2024_1939

CVE-2024-3852

DLA-3790-1

DLA-3791-1

DSA-5663-1

DSA-5670-1

MGASA-2024-0151

MGASA-2024-0153

OESA-2024-1786

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:13884-1

OPENSUSE-SU-2024:13907-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_1350-1

OPENSUSE-SU-2024_1437-1

OPENSUSE-SU-2024_1770-1

RHSA-2024:1904

RHSA-2024:1905

RHSA-2024:1906

RHSA-2024:1907

RHSA-2024:1908

RHSA-2024:1909

RHSA-2024:1910

RHSA-2024:1911

RHSA-2024:1912

RHSA-2024:1934

RHSA-2024:1935

RHSA-2024:1936

RHSA-2024:1937

RHSA-2024:1938

RHSA-2024:1939

RHSA-2024:1940

RHSA-2024:1941

RHSA-2024:1982

RHSA-2024_1908

RHSA-2024_1910

RHSA-2024_1912

RHSA-2024_1935

RHSA-2024_1939

RHSA-2024_1940

RLSA-2024:1908

RLSA-2024:1912

SUSE-SU-2024:1319-1

SUSE-SU-2024:1350-1

SUSE-SU-2024:1437-1

SUSE-SU-2024:1676-1

SUSE-SU-2024:1770-1

USN-6747-1

USN-6747-2

USN-6750-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2024-3489 · Mozilla+10 · Thunderbird+12

CVE-2024-3852

Weakness Enumeration

Related Identifiers

Affected Products

References · 2184