Out-of-bounds Read/Write Vulnerability Affects Firefox

CVE-2024-29943

Currently unrated 🤨

Key Information

Vendor
Mozilla
Status
Firefox
Vendor
CVE Published:
22 March 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The vulnerability CVE-2024-29943 affects Firefox, allowing attackers to perform an out-of-bounds read or write on a JavaScript object, enabling remote code execution and sandbox escape. The flaw was exploited during the Pwn2Own Vancouver 2024 hacking competition and affected Firefox versions before 124.0.1. Mozilla has since released security updates to address this vulnerability, but it is imperative for users to promptly update their web browsers to mitigate the risk of potential remote code execution attacks.

Affected Version(s)

Firefox < 124.0.1

News Articles

favicon imageunSafe.sh

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

9 months ago

favicon imageSecurity Affairs

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024.

9 months ago

favicon imageCybersecurityNews

2 Firefox Zero-Days Exploited At Pwn2Own : Patch Now

Mozilla addresses two zero-day vulnerabilities that were recently exploited at the Pwn2Own Vancouver 2024 hacking contest in the Firefox

9 months ago

Refferences

https://bugzilla.mozilla.org/show_bug.cgi?id=1886849
https://www.mozilla.org/security/advisories/mfsa2024-15/
http://www.openwall.com/lists/oss-security/2024/03/23/1

Timeline

  • 👾

    Exploit known to exist

  • First article discovered by Beeping Computers

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database8 News Article(s)

Credit

Manfred Paul via Trend Micro's Zero Day Initiative
.