PT-2024-6042 · Mozilla+7 · Thunderbird+9
Nbars +1 · Published 2024-07-10 · Updated 2025-03-14 · CVE-2024-7652
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 128
Mozilla Firefox ESR versions prior to 115.13
Mozilla Thunderbird versions prior to 115.13
Mozilla Thunderbird versions prior to 128
Description
The issue is related to a type confusion in Async Generators, potentially leading to memory corruption and an exploitable crash. This could allow a remote attacker to cause a denial of service. The problem is associated with an error in the ECMA-262 specification.
Recommendations
For Mozilla Firefox versions prior to 128, upgrade to version 128 or later.
For Mozilla Firefox ESR versions prior to 115.13, upgrade to version 115.13 or later.
For Mozilla Thunderbird versions prior to 115.13, upgrade to version 115.13 or later.
For Mozilla Thunderbird versions prior to 128, upgrade to version 128 or later.
As a temporary workaround, consider using std::panic::catch_unwind to ensure any exceptions caused by the engine do not impact the availability of the main application.
Fix
DoS
Type Confusion
NULL Pointer Dereference
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Thunderbird
Red Hat
Red Os
Rocky Linux