PT-2024-5925 · Mozilla+9 · Firefox+11

Seunghyun Lee

·

Published

2024-09-03

·

Updated

2024-12-27

·

CVE-2024-8385

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 130 Firefox ESR versions prior to 128.2 Thunderbird versions prior to 128.2
Description A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability, potentially allowing a remote attacker to execute arbitrary code in the target system.
Recommendations For Firefox versions prior to 130, update to version 130 or later. For Firefox ESR versions prior to 128.2, update to version 128.2 or later. For Thunderbird versions prior to 128.2, update to version 128.2 or later.

Fix

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALSA-2024:6681
ALSA-2024:6682
ALSA-2024:6683
ALSA-2024:6684
ALT-PU-2024-13895
ALT-PU-2024-13897
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-06731
CESA-2024_6682
CESA-2024_6684
CVE-2024-8385
INFSA-2024_6681
INFSA-2024_6682
INFSA-2024_6683
INFSA-2024_6684
MGASA-2024-0325
MGASA-2024-0332
MGASA-2024-0334
OESA-2024-2241
OPENSUSE-SU-2024:14358-1
OPENSUSE-SU-2024:14369-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3157-1
OPENSUSE-SU-2024_3507-1
RHSA-2024:6681
RHSA-2024:6682
RHSA-2024:6683
RHSA-2024:6684
RHSA-2024:6719
RHSA-2024:6720
RHSA-2024:6721
RHSA-2024:6722
RHSA-2024:6723
RHSA-2024:6816
RHSA-2024:6838
RHSA-2024:6891
RHSA-2024:6892
RHSA-2024_6681
RHSA-2024_6682
RHSA-2024_6683
RHSA-2024_6684
RLSA-2024:6681
RLSA-2024:6682
RLSA-2024:6683
RLSA-2024:6684
SUSE-SU-2024:3152-1
SUSE-SU-2024:3157-1
SUSE-SU-2024:3507-1
USN-6992-1
USN-6992-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu