Possible Use-After-Free Vulnerability Affecting Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1
CVE-2024-7527
8.8 HIGH
Summary
A vulnerability identified in Firefox and Thunderbird arises from unexpected marking actions at the beginning of a sweeping process, which may lead to a use-after-free condition. This flaw could potentially be exploited to manipulate memory, leading to unpredictable behavior or crashes. Users of affected versions of both Firefox and Thunderbird are advised to apply available security updates to mitigate this risk.
Affected Version(s)
Firefox < 129
Firefox ESR < 115.14
Firefox ESR < 128.1
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Norisz Fay