Lucene search

K

GoogleOSV:CVE-2024-7652

HistorySep 06, 2024 - 7:15 p.m.

CVE-2024-7652

2024-09-0619:15:12

Google

osv.dev

ecma-262

async generators

memory corruption

exploitable crash

firefox

thunderbird

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

References

bugzilla.mozilla.org/show_bug.cgi?id=1901411

github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r

security-tracker.debian.org/tracker/CVE-2024-7652

www.mozilla.org/security/advisories/mfsa2024-29/

www.mozilla.org/security/advisories/mfsa2024-30/

www.mozilla.org/security/advisories/mfsa2024-31/

www.mozilla.org/security/advisories/mfsa2024-32/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

Related for OSV:CVE-2024-7652

osv4 nvd3 cve3 github1 cvelist3 vulnrichment3 nessus14 freebsd1 redos1 debiancve1 redhatcve1 openvas2 kaspersky4 mozilla4 redhat11 oraclelinux4 rocky2