CVE-2024-7652

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1901411
https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
https://www.mozilla.org/security/advisories/mfsa2024-29/
https://www.mozilla.org/security/advisories/mfsa2024-30/
https://www.mozilla.org/security/advisories/mfsa2024-31/
https://www.mozilla.org/security/advisories/mfsa2024-32/

Configurations

No configuration.

History

09 Sep 2024, 13:03

Type	Values Removed	Values Added
Summary		(es) Un error en la especificación ECMA-262 relacionada con los generadores asincrónicos podría haber provocado una confusión de tipos, lo que podría provocar una corrupción de la memoria y un bloqueo explotable. Esta vulnerabilidad afecta a Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13 y Thunderbird < 128.

06 Sep 2024, 21:35

Type	Values Removed	Values Added
CWE		CWE-476 CWE-843
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

06 Sep 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-06 19:15

Updated : 2024-09-09 13:03

NVD link : CVE-2024-7652

Mitre link : CVE-2024-7652

CVE.ORG link : CVE-2024-7652

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

7.5 /10