PT-2024-5603 · Mozilla+9 · Firefox+11

Nan Wang

·

Published

2024-08-06

·

Updated

2025-01-13

·

CVE-2024-7520

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 129 Mozilla Firefox ESR versions prior to 128.1 Mozilla Thunderbird versions prior to 128.1
Description The issue is related to a type confusion bug in WebAssembly, which could potentially allow a remote attacker to achieve code execution. This bug is associated with errors in mixing data types.
Recommendations For Mozilla Firefox versions prior to 129, update to version 129 or later. For Mozilla Firefox ESR versions prior to 128.1, update to version 128.1 or later. For Mozilla Thunderbird versions prior to 128.1, update to version 128.1 or later.

Fix

Type Confusion

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-94

Related Identifiers

ALSA-2024:5322
ALSA-2024:5391
ALSA-2024:5392
ALSA-2024:5402
ALT-PU-2024-13895
ALT-PU-2024-13897
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-06292
CESA-2024_5391
CESA-2024_5402
CVE-2024-7520
INFSA-2024_5322
INFSA-2024_5391
INFSA-2024_5392
INFSA-2024_5402
MGASA-2024-0325
MGASA-2024-0332
MGASA-2024-0334
OPENSUSE-SU-2024:14260-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3003-1
OPENSUSE-SU-2024_3507-1
RHSA-2024:5322
RHSA-2024:5323
RHSA-2024:5324
RHSA-2024:5325
RHSA-2024:5326
RHSA-2024:5327
RHSA-2024:5328
RHSA-2024:5329
RHSA-2024:5391
RHSA-2024:5392
RHSA-2024:5393
RHSA-2024:5394
RHSA-2024:5395
RHSA-2024:5396
RHSA-2024:5402
RHSA-2024:5527
RHSA-2024:5528
RHSA-2024_5322
RHSA-2024_5391
RHSA-2024_5392
RHSA-2024_5402
ROSA-SA-2025-2563
SUSE-SU-2024:2876-1
SUSE-SU-2024:3003-1
SUSE-SU-2024:3507-1
USN-6966-1
USN-6966-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Firefox
Firefox Esr
Thunderbird
Red Hat
Rocky Linux
Suse
Ubuntu