PT-2024-5900 · Mozilla+10 · Firefox+12

Published

2024-09-03

·

Updated

2025-03-14

·

CVE-2024-8384

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 130 Firefox ESR versions prior to 128.2 Firefox ESR versions prior to 115.15 Thunderbird versions prior to 128.2 Thunderbird versions prior to 115.15
Description The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes, potentially leading to memory corruption. This issue is related to the use of memory after it has been freed, which could allow a remote attacker to execute arbitrary code.
Recommendations For Firefox versions prior to 130, update to version 130 or later. For Firefox ESR versions prior to 128.2, update to version 128.2 or later. For Firefox ESR versions prior to 115.15, update to version 115.15 or later. For Thunderbird versions prior to 128.2, update to version 128.2 or later. For Thunderbird versions prior to 115.15, update to version 115.15 or later.

Fix

DoS

Use After Free

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-787

Related Identifiers

ALSA-2024:6681
ALSA-2024:6682
ALSA-2024:6683
ALSA-2024:6684
ALT-PU-2024-13895
ALT-PU-2024-13897
ALT-PU-2024-13898
ALT-PU-2024-14780
ALT-PU-2024-15087
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-06703
CESA-2024_6682
CESA-2024_6684
CVE-2024-8384
DLA-3869-1
DLA-3882-1
DSA-5765-1
DSA-5767-1
INFSA-2024_6681
INFSA-2024_6682
INFSA-2024_6683
INFSA-2024_6684
MGASA-2024-0325
MGASA-2024-0332
MGASA-2024-0334
OESA-2024-2139
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:14325-1
OPENSUSE-SU-2024:14358-1
OPENSUSE-SU-2024:14369-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3157-1
OPENSUSE-SU-2024_3507-1
RHSA-2024:6681
RHSA-2024:6682
RHSA-2024:6683
RHSA-2024:6684
RHSA-2024:6719
RHSA-2024:6720
RHSA-2024:6721
RHSA-2024:6722
RHSA-2024:6723
RHSA-2024:6816
RHSA-2024:6838
RHSA-2024:6891
RHSA-2024:6892
RHSA-2024_6681
RHSA-2024_6682
RHSA-2024_6683
RHSA-2024_6684
RLSA-2024:6681
RLSA-2024:6682
RLSA-2024:6683
RLSA-2024:6684
SUSE-SU-2024:3152-1
SUSE-SU-2024:3157-1
SUSE-SU-2024:3507-1
USN-6992-1
USN-6992-2
USN-6995-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu