Mozilla Vulnerabilities
| CVE ID | CVSS | Exploit | Patch | Trends |
|---|---|---|---|---|
CVE-2024-9936When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. | CVSS 6.5 | - | Patched |  |
CVE-2024-9680An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. | CVSS 9.8 | Exploit | Patched |  |
CVE-2024-9403[High] Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS 7.3 | - | Patched |  |
CVE-2024-9402[High] Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS 9.8 | - | Patched |  |
CVE-2024-9401[High] Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS 9.8 | - | Patched |  |
CVE-2024-9400A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | CVSS 8.8 | - | Patched |  |
CVE-2024-9399A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | CVSS 7.5 | - | Patched |  |
CVE-2024-9398By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | CVSS 5.3 | - | Patched |  |
CVE-2024-9397A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | CVSS 6.1 | - | Patched |  |
CVE-2024-9396It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | CVSS 8.8 | - | Patched |  |
CVE-2024-9395[Moderate] A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.This bug only affects Firefox for Android. Other versions of Firefox are unaffected. | CVSS 5.3 | - | Patched |  |
CVE-2024-9394[High] An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. | CVSS 7.5 | - | Patched |  |
CVE-2024-9393[High] An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. | CVSS 7.5 | - | Patched |  |
CVE-2024-9392A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | CVSS 9.8 | - | Patched |  |
CVE-2024-9391[High] A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected. | CVSS Low | - | Patched |  |
CVE-2024-8900An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129. | CVSS 7.5 | - | Patched |  |
CVE-2024-8897[High] Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site.This bug only affects Firefox for Android. Other versions of Firefox are unaffected. | CVSS 6.1 | - | Patched |  |
CVE-2024-8399Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. | CVSS 4.7 | - | Patched |  |
CVE-2024-8394When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. | CVSS 6.5 | - | Patched |  |
CVE-2024-8389[High] Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS 9.8 | - | Patched |  |
CVE-2024-8388[Moderate] Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. This bug only affects Firefox on Android. Other operating systems are unaffected. | CVSS 5.3 | - | Patched |  |
CVE-2024-8387[High] Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS 9.8 | - | Patched |  |
CVE-2024-8386[Low] If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. | CVSS 6.1 | - | Patched |  |
CVE-2024-8385A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | CVSS 9.8 | - | Patched |  |
CVE-2024-8384The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | CVSS 9.8 | - | Patched |  |
CVE-2024-8383[Moderate] Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will | CVSS 7.5 | - | Patched |  |
CVE-2024-8382[Moderate] Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. | CVSS 8.8 | - | Patched |  |
CVE-2024-8381A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. | CVSS 9.8 | - | Patched |  |
CVE-2024-7652An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | CVSS 7.5 | - | Patched |  |
CVE-2024-7531[Low] Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. | CVSS 6.5 | - | Patched |  |
CVE-2024-7530[Moderate] Incorrect garbage collection interaction could have led to a use-after-free. | CVSS 8.8 | - | Patched |  |
CVE-2024-7529The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | CVSS 6.5 | - | Patched |  |
CVE-2024-7528Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. | CVSS 8.8 | - | Patched |  |
CVE-2024-7527Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | CVSS 8.8 | - | Patched |  |
CVE-2024-7526ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | CVSS 6.5 | - | Patched |  |
CVE-2024-7525It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | CVSS 8.1 | - | Patched |  |
CVE-2024-7524[High] Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. | CVSS 6.1 | - | Patched |  |
CVE-2024-7523[High] A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This issue only affects Android versions of Firefox. | CVSS 8.1 | - | Patched |  |
CVE-2024-7522Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | CVSS 8.8 | - | Patched |  |
CVE-2024-7521Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | CVSS 8.8 | - | Patched |  |
CVE-2024-7520A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. | CVSS 8.8 | - | Patched |  |
CVE-2024-7519Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | CVSS 9.6 | - | Patched |  |
CVE-2024-7518Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | CVSS 6.5 | - | Patched |  |
CVE-2024-6615Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128. | CVSS 8.8 | - | Patched |  |
CVE-2024-6614The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128. | CVSS 4.3 | - | Patched |  |
CVE-2024-6613The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128. | CVSS 5.5 | - | Patched |  |
CVE-2024-6612CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128. | CVSS 5.3 | - | Patched |  |
CVE-2024-6611A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128. | CVSS 9.8 | - | Patched |  |
CVE-2024-6610Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128. | CVSS 4.3 | - | Patched |  |
CVE-2024-6609When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128. | CVSS 8.8 | - | Patched |  |
CVE-2024-6608It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128. | CVSS 4.3 | - | Patched |  |
CVE-2024-6607It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128. | CVSS 8.8 | - | Patched |  |
CVE-2024-6606Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds read. This vulnerability affects Firefox < 128. | CVSS 9.8 | - | Patched |  |
CVE-2024-6605Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128. | CVSS 8.8 | - | Patched |  |
CVE-2024-6604Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. | CVSS 7.5 | - | Patched |  |
CVE-2024-6603In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. | CVSS 7.4 | - | Patched |  |
CVE-2024-6602A mismatch between allocator and deallocator could have lead to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. | CVSS 9.8 | - | Patched |  |
CVE-2024-6601A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. | CVSS 4.7 | - | Patched |  |
CVE-2024-6600Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. | CVSS 6.3 | - | Patched |  |
CVE-2024-5702Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125 and Firefox ESR < 115.12. | CVSS 7.5 | - | Patched |  |
CVE-2024-5701[High] Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS 9.8 | - | Patched |  |
CVE-2024-5700[High] Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS 7 | - | Patched |  |
CVE-2024-5699[Low] In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. | CVSS 9.8 | - | Patched |  |
CVE-2024-5698[Low] By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. | CVSS 6.1 | - | Patched |  |
CVE-2024-5697[Low] A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. | CVSS 4.3 | - | Patched |  |
CVE-2024-5696By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | CVSS 8.6 | - | Patched |  |
CVE-2024-5695[Moderate] If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. | CVSS 9.8 | - | Patched |  |
CVE-2024-5694[Moderate] An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. | CVSS 7.5 | - | Patched |  |
CVE-2024-5693[Moderate] Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. | CVSS 6.1 | - | Patched |  |
CVE-2024-5692[Moderate] On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. | CVSS 6.5 | - | Patched |  |
CVE-2024-5691[Moderate] By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. | CVSS 4.7 | - | Patched |  |
CVE-2024-5690[Moderate] By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. | CVSS 4.3 | - | Patched |  |
CVE-2024-5689[Moderate] In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. | CVSS 4.3 | - | Patched |  |
CVE-2024-5688If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | CVSS 8.1 | - | Patched |  |
CVE-2024-5687[High] If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites.This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* | CVSS 5.3 | - | Patched |  |
CVE-2024-49378smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist. | CVSS 6.1 | - | - |  |
CVE-2024-47884foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it resulting in an insecure file with 0x644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0. | CVSS Low | - | - |  |
CVE-2024-4778[Moderate] Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS 9.8 | - | Patched |  |
CVE-2024-4777[Moderate] Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS Low | - | Patched |  |
CVE-2024-4776[Low] A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. | CVSS 8.2 | - | Patched |  |
CVE-2024-4775[Low] An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. | CVSS 5.9 | - | Patched |  |
CVE-2024-4774[Low] The ShmemCharMapHashEntry() code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. | CVSS Low | - | Patched |  |
CVE-2024-4773[Low] When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. | CVSS 7.5 | - | Patched |  |
CVE-2024-4772[Low] An HTTP digest authentication nonce value was generated using rand() which could lead to predictable values. | CVSS Low | - | Patched |  |
CVE-2024-4771[Moderate] A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. | CVSS 8.6 | - | Patched |  |
CVE-2024-4770When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | CVSS 8.8 | - | Patched |  |
CVE-2024-4769[Moderate] When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. | CVSS 5.9 | - | Patched |  |
CVE-2024-4768A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | CVSS Low | - | Patched |  |
CVE-2024-4767[Moderate] If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. | CVSS 4.3 | - | Patched |  |
CVE-2024-4766[Moderate] Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks.This bug only affects Firefox for Android. Other versions of Firefox are unaffected. | CVSS 4.3 | - | Patched |  |
CVE-2024-4765[Moderate] Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of Firefox are unaffected. | CVSS 8.1 | - | Patched |  |
CVE-2024-4764[High] Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. | CVSS 9.8 | - | Patched |  |
CVE-2024-45489Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary Javascript on that browser in a privileged context. | CVSS 9.8 | - | - |  |
CVE-2024-4367If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. | CVSS Low | Exploit | Patched |  |
CVE-2024-43357ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference.
The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. Unfortunately, these IteratorResult objects inherit from `Object.prototype`, so these IteratorResult objects can be made then-able, triggering arbitrary behaviour, including re-entering the async generator machinery in a way that violates some internal invariants.
The ECMAScript specification is a living standard and the issue has been addressed at the time of this advisory's public disclosure. JavaScript engine implementors should refer to the latest specification and update their implementations to comply with the `AsyncGenerator` section.
## References
- https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727
- https://bugzilla.mozilla.org/show_bug.cgi?id=1901411
- https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq
- https://bugs.webkit.org/show_bug.cgi?id=275407
- https://issues.chromium.org/issues/346692561
- https://www.cve.org/CVERecord?id=CVE-2024-7652 | CVSS 8.6 | - | - |  |
CVE-2024-43113[Moderate] The contextual menu for links could provide an opportunity for cross-site scripting attacks | CVSS 6.1 | - | Patched |  |
CVE-2024-43112[Moderate] Long pressing on a download link could potentially provide a means for cross-site scripting | CVSS 6.1 | - | Patched |  |
CVE-2024-43111[Low] Long pressing on a download link could potentially allow Javascript commands to be executed within the browser | CVSS 6.1 | - | Patched |  |
CVE-2024-3865[High] Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVSS 8.1 | - | Patched |  |
CVE-2024-3864[High] Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. | CVSS 8.1 | - | Patched |  |