Shodan
Vulnerabilities
Vulnerable Software
Mozilla:  >> Firefox  >> 0.3  Security Vulnerabilities
CVE-2024-3853
A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-16
CVE-2024-3854
In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-04-16
CVE-2024-3855
In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-04-16
CVE-2024-3856
A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox < 125.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-04-16
CVE-2024-3857
The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-04-16
CVE-2024-3858
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-04-16
CVE-2024-3859
On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVSS Score
5.9
EPSS Score
0.012
Published
2024-04-16
CVE-2024-3860
An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125.
CVSS Score
6.2
EPSS Score
0.0
Published
2024-04-16
CVE-2024-3861
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVSS Score
4.0
EPSS Score
0.001
Published
2024-04-16
CVE-2024-3862
The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-04-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved