PT-2024-3492 · Mozilla+4 · Firefox+4

Gary Kwong

Published

2024-04-16

Updated

2025-03-14

CVE-2024-3860

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 125

Description The issue is related to an out-of-memory condition during object initialization, which could result in an empty shape list. If the Just-In-Time (JIT) compiler subsequently traced the object, it would crash. This could potentially allow a remote attacker to cause a denial of service.

Recommendations For versions prior to 125, update to a version that contains a fix for this issue to prevent potential crashes due to the out-of-memory condition during object initialization.

Exploit

Fix

Resource Exhaustion

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-401

Related Identifiers

ALT-PU-2024-15839

ALT-PU-2024-6765

BDU:2024-03794

CVE-2024-3860

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:13907-1

OPENSUSE-SU-2024:14572-1

USN-6747-1

USN-6747-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2024-3492 · Mozilla+4 · Firefox+4

CVE-2024-3860

Weakness Enumeration

Related Identifiers

Affected Products

References · 2094