Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-6747-2
HistoryMay 02, 2024 - 3:20 a.m.

firefox regressions

2024-05-0203:20:32
Google
osv.dev
7
firefox
usn-6747-1
vulnerabilities
regressions
denial of service
sensitive information
arbitrary code
memory management
jit
http/2
cve-2024-3852
cve-2024-3864
cve-2024-3865
cve-2024-3302
cve-2024-3853
cve-2024-3854
cve-2024-3855
cve-2024-3856
cve-2024-3857
cve-2024-3858
cve-2024-3859
cve-2024-3860
cve-2024-3861
cve-2024-3862

8.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

USN-6747-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-3852,
CVE-2024-3864, CVE-2024-3865)

Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2
CONTINUATION frames. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2024-3302)

Gary Kwong discovered that Firefox did not properly manage memory when
running garbage collection during realm initialization. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-3853)

Lukas Bernhard discovered that Firefox did not properly manage memory
during JIT optimisations, leading to an out-of-bounds read vulnerability.
An attacker could possibly use this issue to cause a denial of service or
expose sensitive information. (CVE-2024-3854, CVE-2024-3855)

Nan Wang discovered that Firefox did not properly manage memory during
WASM garbage collection. An attacker could potentially exploit this issue
to cause a denial of service, or execute arbitrary code. (CVE-2024-3856)

Lukas Bernhard discovered that Firefox did not properly manage memory
when handling JIT created code during garbage collection. An attacker
could potentially exploit this issue to cause a denial of service, or
execute arbitrary code. (CVE-2024-3857)

Lukas Bernhard discovered that Firefox did not properly manage memory when
tracing in JIT. An attacker could potentially exploit this issue to cause
a denial of service. (CVE-2024-3858)

Ronald Crane discovered that Firefox did not properly manage memory in the
OpenType sanitizer on 32-bit devices, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-3859)

Garry Kwong discovered that Firefox did not properly manage memory when
tracing empty shape lists in JIT. An attacker could potentially exploit
this issue to cause a denial of service. (CVE-2024-3860)

Ronald Crane discovered that Firefox did not properly manage memory when
handling an AlignedBuffer. An attacker could potentially exploit this
issue to cause denial of service, or execute arbitrary code.
(CVE-2024-3861)

Ronald Crane discovered that Firefox did not properly manage memory when
handling code in MarkStack. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2024-3862)

Related

ubuntu 3
openvas 22
nessus 53
osv 13
mozilla 3
kaspersky 3
redhat 18
debian 4
rocky 3
almalinux 2
oraclelinux 4
mageia 2
slackware 1
gentoo 1
ubuntucve 9
debiancve 9
veracode 11
cve 8
nvd 9
vulnrichment 4
cvelist 10
redhatcve 4
cgr 3
ubuntu
ubuntu
Firefox regressions
2024-05-02 00:00:00
Firefox vulnerabilities
2024-04-24 00:00:00
Thunderbird vulnerabilities
2024-04-25 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6747-2)
2024-05-02 00:00:00
Ubuntu: Security Advisory (USN-6747-1)
2024-04-25 00:00:00
Mozilla Firefox Security Update (mfsa_2024-18) - Windows
2024-04-17 00:00:00
nessus
nessus
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6747-1)
2024-04-24 00:00:00
Fedora 40 : firefox (2024-c6a1d4e0ec)
2024-04-29 00:00:00
Fedora 39 : firefox (2024-121f5cec9f)
2024-04-17 00:00:00
osv
osv
firefox vulnerabilities
2024-04-24 04:43:24
thunderbird vulnerabilities
2024-04-25 03:24:59
Low: thunderbird security update
2024-04-22 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 125 — Mozilla
2024-04-16 00:00:00
Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla
2024-04-16 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.10 — Mozilla
2024-04-16 00:00:00
kaspersky
kaspersky
KLA65639 Multiple vulnerabilities in Mozilla Firefox
2024-04-16 00:00:00
KLA65640 Multiple vulnerabilities in Mozilla Firefox ESR
2024-04-16 00:00:00
KLA65693 Multiple vulnerabilities in Mozilla Thunderbird
2024-04-16 00:00:00
redhat
redhat
(RHSA-2024:1906) Important: firefox security update
2024-04-18 09:05:27
(RHSA-2024:1908) Important: firefox security update
2024-04-18 09:05:44
(RHSA-2024:1904) Important: firefox security update
2024-04-18 08:52:48
debian
debian
[SECURITY] [DLA 3790-1] firefox-esr security update
2024-04-19 10:40:02
[SECURITY] [DLA 3791-1] thunderbird security update
2024-04-22 08:49:04
[SECURITY] [DSA 5670-1] thunderbird security update
2024-04-22 07:42:03
rocky
rocky
firefox security update
2024-05-10 14:32:42
firefox security update
2024-05-06 13:04:21
thunderbird security update
2024-05-06 13:04:21
almalinux
almalinux
Important: firefox security update
2024-04-18 00:00:00
Important: firefox security update
2024-04-18 00:00:00
oraclelinux
oraclelinux
firefox security update
2024-04-19 00:00:00
firefox security update
2024-04-19 00:00:00
firefox security update
2024-04-18 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2024-04-27 03:37:18
Updated firefox packages fix security vulnerabilities
2024-04-27 09:26:16
slackware
slackware
[slackware-security] mozilla-firefox
2024-04-16 18:53:34
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2024-05-12 00:00:00
ubuntucve
ubuntucve
CVE-2024-3853
2024-04-16 00:00:00
CVE-2024-3852
2024-04-16 00:00:00
CVE-2024-3860
2024-04-16 00:00:00
debiancve
debiancve
CVE-2024-3853
2024-04-16 16:15:08
CVE-2024-3854
2024-04-16 16:15:08
CVE-2024-3860
2024-04-16 16:15:08
veracode
veracode
Use-After-Free
2024-04-19 01:24:09
Incorrect Return Value
2024-04-19 01:24:15
Denial Of Service (DoS)
2024-04-19 01:20:21
cve
cve
CVE-2024-3853
2024-04-16 16:15:08
CVE-2024-3858
2024-04-16 16:15:08
CVE-2024-3860
2024-04-16 16:15:08
nvd
nvd
CVE-2024-3853
2024-04-16 16:15:08
CVE-2024-3854
2024-04-16 16:15:08
CVE-2024-3852
2024-04-16 16:15:08
vulnrichment
vulnrichment
CVE-2024-3853
2024-04-16 15:14:05
CVE-2024-3854
2024-04-16 15:14:05
CVE-2024-3852
2024-04-16 15:14:05
cvelist
cvelist
CVE-2024-3853
2024-04-16 15:14:05
CVE-2024-3852
2024-04-16 15:14:05
CVE-2024-3860
2024-04-16 15:14:07
redhatcve
redhatcve
CVE-2024-3852
2024-04-18 10:00:00
CVE-2024-3861
2024-04-18 10:00:18
CVE-2024-3854
2024-04-17 19:53:30
cgr
cgr
CVE-2024-3854 vulnerabilities
2024-05-19 03:07:16
CVE-2024-3861 vulnerabilities
2024-05-19 03:07:16
CVE-2024-3857 vulnerabilities
2024-05-19 03:07:16

8.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON
Related for OSV:USN-6747-2
ubuntu3openvas22nessus53osv13mozilla3kaspersky3redhat18debian4rocky3almalinux2oraclelinux4mageia2slackware1gentoo1ubuntucve9debiancve9veracode11cve8nvd9vulnrichment4cvelist10redhatcve4cgr3